[OpenID] signing alg and high order bits
Peter Williams
pwilliams at rapattoni.com
Mon Jul 13 06:55:40 UTC 2009
Id like to propose that from the get-go, the chain of certs on a signed XRD is - assuming the keyinfo is cert-based - an unordered bag of certs. That is, an XRDS application MUST be prepared to resolve a chain used for verifying the signature using local methods. Obviously, when XRI resolution is applied, there is a native resolution mechanism built into openid itself. However I dont believe that folks should be constrained to using XRI resolution to find paths through a trust fabric.
________________________________________
From: general-bounces at openid.net [general-bounces at openid.net] On Behalf Of Peter Williams [pwilliams at rapattoni.com]
Sent: Sunday, July 12, 2009 10:48 PM
To: general at openid.net
Subject: [OpenID] signing alg and high order bits
Folks should consult a professional cryptographer .... but
note that in the original scheme for signed XRDs, using SAML tokens, there are random high-order bits early on in the serialization of the to-be-signed material (the xml:id field).
in the google spec, the query string is quite predicable, as are the type' tag's attributes
if the XRI authority is using cids for query, and the cid are as in the openxri server from a predictable sequence generator (0,1,2...!) then resolution of canonical-id queries doesn't help.
Eastlake and Solo were both very experienced security/cryptography experts, who lived through the vulnerabilities of early phase X.509 (1988-1990) using RSA. I assume that the control parameters of the xmldsig signing mechanism (the algorithm specifiers and the URI refs) are part of the hashed mateiral. If not, these need to go in the to-be-signed material.
_______________________________________________
general mailing list
general at openid.net
http://openid.net/mailman/listinfo/general
More information about the general
mailing list