[KEYPROV] Bug in PSKC XML schema wrt XMLDsig?
Simon Josefsson <simon@josefsson.org> Tue, 16 October 2012 08:07 UTC
From: Simon Josefsson <simon@josefsson.org>
To: keyprov@ietf.org
OpenPGP: id=B565716F; url=http://josefsson.org/key.txt
Date: Tue, 16 Oct 2012 10:07:14 +0200
Message-ID: <87vceaq1ql.fsf@latte.josefsson.org>
List-Id: "Provisioning of Symmetric Keys \(keyprov\)" <keyprov.ietf.org>
All,

I have implemented support for XMLDsig protected PSKC and ran into an issue with the XML Schema for PSKC. It seems the Signature element is in the wrong namespace, making it incompatible with the XMLDsig specification. There is a thread on this on the XMLSec mailing list:

  http://thread.gmane.org/gmane.text.xml.xmlsec/4178

Both Aleksey Sanin (author of the XMLSec library) and G. Ken Holman (XML expert) appear to believe this is an error in the schema:

  http://thread.gmane.org/gmane.text.xml.xmlsec/4178/focus=4181
  http://thread.gmane.org/gmane.text.xml.xmlsec/4178/focus=4185

The fix appears to be simple, but before filing an RFC errata for this I thought I should bring this up in case anyone wants to comment.

Section 7:

  OLD: <Signature>
  NEW: <ds:Signature>

  OLD: </Signature>
  NEW: </ds:Signature>

Section 11:

  OLD: <xs:element name="Signature" type="ds:SignatureType" minOccurs="0"/>
  NEW: <xs:element ref="ds:Signature" minOccurs="0"/>

/Simon
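Added example (not part of Simon's message or of any PSKC implementation): a small defender-side check that reports which namespace a KeyContainer's Signature element actually lives in. Under the published schema the locally declared Signature ends up in the PSKC namespace, so an XMLDsig verifier that looks for {http://www.w3.org/2000/09/xmldsig#}Signature never sees it; a loader should treat such a container as unverifiable rather than as unsigned-but-fine. The sample containers and the SignatureValue bytes are constructed placeholders.

```python
"""Classify where a PSKC KeyContainer's Signature element sits (added example)."""
import xml.etree.ElementTree as ET  # use defusedxml for untrusted input in production

PSKC_NS = "urn:ietf:params:xml:ns:keyprov:pskc"
DS_NS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed signature markup (not a real signature): the first form follows the
# published schema, where Signature inherits the default PSKC namespace; the second
# is the corrected ds:Signature form from the errata proposal above.
LOCAL_SIG = ("<Signature><ds:SignedInfo/><ds:SignatureValue>Ymxvb2I="
             "</ds:SignatureValue></Signature>")
DS_SIG = ("<ds:Signature><ds:SignedInfo/><ds:SignatureValue>Ymxvb2I="
          "</ds:SignatureValue></ds:Signature>")


def sample_container(signature_xml: str) -> str:
    """Constructed minimal PSKC KeyContainer with the given signature markup spliced in."""
    return (f'<KeyContainer Version="1.0" xmlns="{PSKC_NS}" xmlns:ds="{DS_NS}">'
            '<KeyPackage><Key Id="k1" Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:hotp"/>'
            f'</KeyPackage>{signature_xml}</KeyContainer>')


def classify_signature(pskc_xml: str) -> str:
    """Return 'xmldsig', 'pskc-local', 'missing' or 'multiple' for the container's Signature."""
    root = ET.fromstring(pskc_xml)
    if root.tag != f"{{{PSKC_NS}}}KeyContainer":
        raise ValueError(f"not a PSKC KeyContainer: {root.tag}")
    # Only direct children of KeyContainer count; that is where section 7 places Signature.
    ds_sigs = root.findall(f"{{{DS_NS}}}Signature")
    local_sigs = root.findall(f"{{{PSKC_NS}}}Signature")
    if len(ds_sigs) + len(local_sigs) > 1:
        return "multiple"
    if ds_sigs:
        return "xmldsig"
    if local_sigs:
        return "pskc-local"
    return "missing"


def require_verifiable_signature(pskc_xml: str) -> None:
    """Refuse any container whose signature an XMLDsig verifier would not find."""
    kind = classify_signature(pskc_xml)
    if kind != "xmldsig":
        raise ValueError(f"KeyContainer signature state '{kind}': cannot be verified")


if __name__ == "__main__":
    for label, sig in (("published schema", LOCAL_SIG), ("errata form", DS_SIG), ("none", "")):
        print(f"{label:17s} -> {classify_signature(sample_container(sig))}")
```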