Hi Paul,

sorry I forgot to answer, I've got a lot on my mind these days…

On Wednesday 9 November 2022, 14:01:27 CET, Paul Schaub wrote:
> Hey!
> 
> Thank you Goffi for creating this proposal. Cross-reading it, some 
> points come to mind:
> 
> In the glossary under "signing profile" you write: "a specialisation of 
> this specification for a specific cryptographic algorithm."
> I think instead of "cryptographic algorithm", a more generalized term 
> such as "cryptographic system" would be more suitable. For example, 
> OpenPGP as a message format supports all kinds of algorithms.

Right, I'll change it on next update if it's accepted.


> In "Overview", you write "To sign a pubsub item, the signature and the 
> signed data are separated.". It's not fully clear to me what that means. 
> Is this intended to handle the case where an additional signer signs 
> some already-signed item? Or does it mean that signature and data are 
> handled separately from another?

The source item is not modified, and the signature is put in an attachment. To 
avoid wasting resources and duplicating the item, only the signature is used, 
and not the full element wrapped in a signature element like it is done in 
XEP-0373.

> 
> Also, perhaps a bit nit-picky, "Overview" and "Signing a Pubsub Item" 
> begin with the same exact phrase.

Yeah, I may reformulate.

> 
> From "Wrapper Element (After Normalization)": "If the pubsub item is 
> encrypted, the signature MUST be done on the plain text version of the 
> item before the encryption of the item. The signature attachment SHOULD 
> be encrypted too.".
> It is probably a good idea to add an additional sentence explaining that 
> adding a signature over plaintext outside of the encrypted data may leak 
> information (such as a hash) about the content of the encrypted data. 
> Maybe something for Security Considerations?

Hum, maybe a MUST would be better here.

> 
> In "Rationales", you could add the use-case of signing-key rotation. I 
> could imagine a microblogging application where the user can rotate 
> their signing key. Attaching new signatures can be used to re-certify 
> old posts.

I haven't thought about this use case. It would indeed be good to show a way to 
add several signatures from the same entity in case of key rotation.

 
> The last paragraph of "Business Rules" is very long and confusing.

"It is essential to use the same <to/>, <time/>, <signer/> and signing profile 
extra elements in the <signature/> element put in attachment and in wrapper 
<sign-data/> element used for signed data, as it is necessary for receiving 
client to re-build the wrapper element and then validate the signature."

=> Is this the one you mean? It essentially means that the elements must be in 
the same order to be sure to validate the signature. Maybe I can reformulate; do 
you have any suggestions?

> 
> In "Security Considerations": "Signature is intimely linked...", do you 
> perhaps mean "intimately"?

Probably, French influence.

> 
> Hope you may find some of my feedback useful :)

Definitely, thanks!

Goffi
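
The "Business Rules" point above (the receiver has only the <signature/> attachment and the untouched item, and must rebuild the <sign-data/> wrapper with the same <to/>, <time/>, <signer/> in the same order before it can verify) and the key-rotation use case are easier to see in code. The block below is an added example written for this page; it is not code from the ProtoXEP, from XEP-0373 or from the thread's authors. It assumes the element names sign-data/to/time/signer, a fixed child order of my own choosing, and uses HMAC-SHA256 as a stand-in for a real signing profile (OpenPGP or similar) so that it runs on the Python standard library alone (3.8+ for ET.canonicalize); the sample item, metadata and keys are constructed.

```python
"""Added example (not from the ProtoXEP, XEP-0373 or the mailing-list thread):
rebuild the <sign-data/> wrapper from a <signature/> attachment and verify the
detached signature over it.

Assumptions, not taken from the spec: the element names sign-data/to/time/
signer, the fixed child order WRAPPER_ORDER, and HMAC-SHA256 standing in for a
real signing profile (OpenPGP etc.).  Python 3.8+ for ET.canonicalize."""
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Order of the extra elements.  Signer and receiver MUST agree on it, because
# the receiver never sees the wrapper: it only gets the attachment and the item.
WRAPPER_ORDER = ("to", "time", "signer")


def canonical_wrapper(meta, item_xml, order=WRAPPER_ORDER):
    """Serialize <sign-data/>: the extra elements in `order`, then the item."""
    root = ET.Element("sign-data")
    for name in order:
        ET.SubElement(root, name).text = meta[name]
    root.append(ET.fromstring(item_xml))
    # C14N so that whitespace or attribute-order differences between the two
    # parties' XML serializers do not change the signed bytes.
    return ET.canonicalize(ET.tostring(root, encoding="unicode"),
                           strip_text=True).encode("utf-8")


def sign_item(key, meta, item_xml):
    """Return the <signature/> attachment: the extra elements plus the value.
    The item itself is published untouched; only this dict travels beside it."""
    mac = hmac.new(key, canonical_wrapper(meta, item_xml), hashlib.sha256)
    return {**meta, "value": mac.hexdigest()}


def verify_attachment(key, attachment, item_xml, order=WRAPPER_ORDER):
    """Receiver side: rebuild the wrapper from the attachment's own <to/>,
    <time/>, <signer/> and the received item, then check the value."""
    meta = {name: attachment[name] for name in WRAPPER_ORDER}
    expected = hmac.new(key, canonical_wrapper(meta, item_xml, order),
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, attachment["value"])


def verified_by_any(trusted_keys, attachments, item_xml):
    """Key rotation: an item may carry several <signature/> attachments from the
    same signer; accept it if any one verifies under a currently trusted key."""
    return any(verify_attachment(k, att, item_xml)
               for att in attachments for k in trusted_keys)


# Constructed sample data (hypothetical, not from the spec).
ITEM = '<item id="post-1"><entry>hello</entry></item>'
META = {"to": "pubsub.example.org", "time": "2022-11-09T13:01:27Z",
        "signer": "alice@example.org"}
OLD_KEY = b"alice-old-signing-key"
NEW_KEY = b"alice-new-signing-key"

if __name__ == "__main__":
    att_old = sign_item(OLD_KEY, META, ITEM)
    att_new = sign_item(NEW_KEY, META, ITEM)   # re-certification after rotation
    print("valid:", verify_attachment(OLD_KEY, att_old, ITEM))
    print("tampered item:",
          verify_attachment(OLD_KEY, att_old, ITEM.replace("hello", "hullo")))
    print("receiver rebuilds wrapper in another order:",
          verify_attachment(OLD_KEY, att_old, ITEM, order=("signer", "time", "to")))
    print("old key no longer trusted, new signature present:",
          verified_by_any([NEW_KEY], [att_old, att_new], ITEM))
```

The "wrong order" case is the one the long Business Rules paragraph is about: same attachment, same item, same key, but a receiver that rebuilds <sign-data/> with the children in a different order produces different bytes and the signature fails. One caveat the HMAC stand-in hides: with a public-key profile, anyone holding the signer's public key can run the verify step against a guessed plaintext, which is the information leak Paul points out when the signature over the plaintext is attached to an encrypted item unencrypted.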



_______________________________________________
Standards mailing list
Info: https://mail.jabber.org/mailman/listinfo/standards
Unsubscribe: standards-unsubscr...@xmpp.org
_______________________________________________