Andrey - on January 26, Marcos proposed changing the c14n algorithm in
[1] and [2] and notified the group in [3] that he updated the Editor's
Draft [ED] to reflect his proposal. He included rationale in [1].
Marcos - in what way(s) does your proposal break the signer and
validator conformance classes as defined in the June 2010 CR [CR]?
-Art Barstow
[1] http://lists.w3.org/Archives/Public/public-webapps/2011JanMar/0247.html
[2] http://lists.w3.org/Archives/Public/public-webapps/2011JanMar/0250.html
[3] http://lists.w3.org/Archives/Public/public-webapps/2011JanMar/0254.html
[ED] http://dev.w3.org/2006/waf/widgets-digsig/
[CR] http://www.w3.org/TR/2010/CR-widgets-digsig-20100624/#conformance
-------- Original Message --------
Subject: Questions regarding to "Test Suite for the XML Digital
Signatures For Widgets Specification "
Resent-Date: Thu, 27 Jan 2011 18:11:37 +0000
Resent-From: <public-webapps@w3.org>
Date: Thu, 27 Jan 2011 20:12:28 +0300
From: ext Andrey Nazarov <andrey.naza...@oracle.com>
To: <public-webapps@w3.org>
Hello All,
I hope it is right place to ask about Test Suite for the XML Digital
Signatures For Widgets Specification.
If not, where is better?
I. Test 19rsa.wgt.
I found that the author-signature.xml and signature1.xml files were
corrected today (27-Jan-2011).
It seems to me that this correction broken correspondence betwee
specification and test.
Why values of the "CanonicalizationMethod Algorithm" attribute of
SignedInfo and "Transform Algorithm" attribute of Reference were changed
to the same value http://www.w3.org/TR/2001/REC-xml-c14n-20010315?
The specification document "Digital Signatures for Widgets W3C Candidate
Recommendation 24 June 2010"
(http://www.w3.org/TR/widgets-digsig/#xmldsig11)
has the following sentences:
1. The following canonicalization algorithms /MUST/ be supported by an
implementation <http://dev.w3.org/2006/waf/widgets-digsig/#implementation>:
Exclusive XML Canonicalization 1.0 (omits comments) [XML-exc-C14N]
<http://dev.w3.org/2006/waf/widgets-digsig/#xml-exc-c14n>:|http://www.w3.org/2001/10/xml-exc-c14n#|
(see chapter8.3. Canonicalization Algorithms)
I think it means that the "CanonicalizationMethod Algorithm" attribute
of SignedInfo must be |http://www.w3.org/2001/10/xml-exc-c14n#
2. |A |ds:Reference| to same-document XML content /MUST/ have a
|ds:Transform| element child that specifies the canonicalization method.
Canonical XML 1.1 /MUST/ be specified as the Canonicalization Algorithm
for this transform.
(see chapter9.2. Common Constraints for Signature Generation and Validation)
I think it means that the "Transform Algorithm" attribute of
ds:Transform must be http://www.w3.org/2006/12/xml-c14n11..
||3. An implementation /SHOULD/ be able to process a |ds:Reference| to
same-document XML content when that |ds:Reference| does not have a
|ds:Transform| child element, for backward compatibility. In this case
the default canonicalization algorithm Canonical XML 1.0 will be used.
(see chapter9.2. Common Constraints for Signature Generation and Validation)
I think only for this case could be used the
"http://www.w3.org/TR/2001/REC-xml-c14n-20010315" URI.
Why this correction was done?
II. Test 19dsa.wgt.
Could somebody confirm that this test is correct?
The deal is when I look on the certificate that is used for this test I
see that it contain information about DSA Public Key, but the Signature
Algorithm for this certificate is pointed as SHA1withRSA. Is it correct?
Thank you in advance,
Andrey