RE: Security Signatures

[David Burdett <david.burdett@commerceone.com>]

Bob

A few comments below marked with ## ...

David

-----Original Message-----
From: Miller, Robert (GEIS) [mailto:Robert.Miller@geis.ge.com]
Sent: Tuesday, March 21, 2000 11:52 AM
To: ebXML Transport (E-mail)
Subject: RE: Security Signatures


Some business models may require 'signature over signature', not just
multiple signatures.  
## I agree##
If we provide in our header structures the ability to
sign both headers and message bodies, we may have to address a 'signature
over signature' requirement.  This suggests to me that 'signature' should be
a standalone XML document, 
##Probably true if we use S/MIME, but not true if we use XMLDSIG##

whose content includes a 'table of contents' over
which the signature has been applied.  
##XMLDSIG defines it's own "manifest" which is effectively a table of
contents. We need to think what we do about an equivalent of this if we use
S/MIME##

The specification currently states in '2 Message Structure' that 'Message
Signatures are held in the Header Envelope separately from the other headers
since: o Signatures cannot sign themselves and ...'

While signatures cannot sign themselves, 
##Agreed##
they can sign other signatures.
##Also agreed##
Therefore, IMO, each signature should be held in a separate body part, not
within the Header Envelope (assuming Header Envelope' is a single body
part).  The scope of a signature would be defined by a 'table of content'
within the signature document.

There likely also is an architectural simplicity benefit in constraining
signatures to separate XML documents.
##We want to strive for architechtural simplicity, but IMO, what is "simple"
will vary depending on the technology we use for signing (XMLDSIG or
S/MIME). As XMLDSIG development is well advanced (it's just gone to "last
call" we should be able to make sensible decisions on how to handle both.##

Cheers,
        Bob