Alternate proposal for digital signatures

Bob Denny rdenny at dc3.com
Wed Mar 12 22:00:47 PDT 2008 

Rob:
> I'm the guy Bob talked to.  Glad to see we were all pent up and ready  
> to wrestle with VOEvent issues again!

Yes, and I appreciate those of you who so quickly looked over my paper. It would
have been nice not to have misspelled the first word on the subject line of my
first post here, though :-(

Roy:
> May I ask if you could build the report like an IVOA Note (see examples 
> in [1]) and submit it that way? It means either HTML or a Word document 
> with the recommended styling [2]. This makes your contribution much more 
> visible.

OK and thanks for the suggestion. Visibility is good! It will be a week or more,
as I am now in the throes of releasing a new version of the scheduler (the last
component of which is the VOEvent receiver/requestor). Once the smoke clears
from that, though, I'll reformat it and repost it.

Matthew:
> One of the main motivations for using X.509 certificates and XML  
> digital signatures is that this is the security model recommended by  
> the International Virtual Observatory Alliance (IVOA) which defined  
> the VOEvent standard. Consistency and interoperability are often  
> better goals than an easier implementation.

I understand. My objective was to present an alternative to that security model,
with the advantages I mentioned.

Steve (in response to Matthew):
> There are many opinions that the W3C Signature standard is way
> too complex, way too hard to implement correctly, and requires
> way too much consideration on the part of the users.
> I agree completely.

Me too. Furthermore, there is the issue of creating a "flag day" after which one
must be prepared to receive potentially incompatible signed messages. This seems
much larger than the difficulty issue. I wanted to make signatures transparent
to current parsers, and elective for implementation.

As an aside, does anyone here question the efficacy and/or strength of a 1024
bit (DSA) signing key and SHA-1 hash? From my perspective, this is more than
enough for the intended application and the cost/benefit of breaking the key.
And does RFC 4880[1] specify a system that is worthy of becoming part of a
VOEvent standard?

Steve (elsewhere):
> On the other hand, I also agree completely that within the scope of
> the syntax of XML, there is no simpler option.  Toolkits that
> implement W3C Signature exist, and we'll have to consider how to use
> them.

That's why I proposed something -outside- the scope of XML (well, unless you
consider comments part of "XML"). Compare the effort required to implement the
two approaches, and the effects on the existing infrastructure.

> There is also the tangle of XML canonicalization.  Two XML documents  
> can be content-identical without being byte-identical, and tools  
> that handle XML documents may reformat the bytes.  This is beyond  
> the ken of PGP/GPG.

And beyond any signature scheme, PGP/GPG or not. This is a tough one... But do
we really *need* to couple the two together? I see an advantage in decoupling
both syntax and semantics of the VOEvent message from the signing scheme ...
simplicity. Sure, addressing canonicalization is probably an important task, but
after all, signing simply ensures that a receiver knows (a) who the "stuff" came
from, and (b) that it hasn't been altered since origination. What the "stuff"
means can (and I think should) be treated separately.

Roy:
> Our upcoming Interop meeting is 19-23 May, in Trieste, Italy. We  
> will have a VOEvent session on signatures, and I invite you to talk  
> there if you could manage to get all that way!

I wish... My travel budget (not inconsequential) is pretty much dedicated to
going to conferences where there are people who might buy my software. A trip to
Trieste just isn't something I can do on my budget (which is fueled 100% from
sales of my automation software). I can get to conferences here in the US and
will do so as my schedule permits, though...

Thanks again for looking at my proposal, I do appreciate it. In any case, I'm in
it for the long haul and will do whatever it takes to continue to operate on the
VOEvent network[2].

  -- Bob


[1] http://tools.ietf.org/html/rfc4880

[2] I should be able to bring a fair number of smaller university and community
college observatories, and some high-end amateurs who do science, on to the
network as followup sites. In addition I have a small number of customers
(educational and high-end amateur) who are doing things like SNe searching (e.g.
Puckett team who have now found 178 SNEs), automated CV searching and CV
outburst detection, various photometric studies, and of course minor planet
detection and lightcurve work. These people should be originating VOEvents, and
I hope to have that capability going in the near future. I won't talk about this
stuff any more...

More information about the voevent mailing list