Re: Atom protocol and digital signatures

Tue, 19 Jun 2007 18:04:37 -0700 


At 1:43 AM +0200 6/20/07, A. Pagaltzis wrote:

* Paul Hoffman <[EMAIL PROTECTED]> [2007-06-19 21:40]:

 The method for a server to indicate to a third party whether or
 not the client signed an Entry Document is by including the
 client's signature in the published entry, even though that
 signature is likely to be invalid.


I strongly disagree with this. As a consumer, I have no possible
way to know whether an invalid signature is there because

* the publishing client included it
* the server made up a signature to feign signing by the client
* a third party tampered with the entry between the server and me

Therefore as a consumer I would never ever assume that an invalid
signature meant anything else than that the signature on this
entry is not valid.


Fully agree so far.


Encouraging servers



Stop right there. Nothing in the quoted text *encourages* anyone. We 
said that there was a method, which is completely true. We also said 
that this is "the" method, which is also completely true (we didn't 
create another method). That is a far cry from encouragement.



If the server is not, though, then it really should strip the
signature if it knows it has invalidated it. Note that my
proposed text said "strongly encouraged", not "SHOULD". After
all, it is not an interop concern, nor do I desire to dictate
server behaviour.



The WG has gone out of its way to put as few restrictions on servers 
as possible, and to minimize the number of "encouragements" (much 
less strong encouragements). I took that earlier direction to heart 
in the above paragraph.



If the WG wants to make a strong encouragement here, that's fine, but 
we do so against our earlier trend.



However, I do think this particular implementation choice
makes a lot of sense and should be the default choice for
server implementors who don't have specific reason to do
things otherwise. And I think the spec should nudge them in
that direction.



Given that this is the Security Considerations section, we should 
have a security reason for the nudge. I don't think we have one. 
There is no security problem with publishing a known-bad signature.


























					Reply via email to