Cryptographic authentication of VOEvents

Bob Denny rdenny at dc3.com
Wed Sep 12 10:15:02 PDT 2012


Hello --
>  However the fact that you effectively have to abandon the signature as soon as a document enters an XML parser, seems an obvious massive downside.  You have to abandon the signature because it's axiomatic in any XML processing system that the serialisation -- the collection of angle brackets -- doesn't matter, so if it's the serialisation and not the content that you've signed, then you're going right against the grain.  Good engineering goes with the grain.
Depending on the "grain". What is the objective of the digital signature? Why do
we want to sign?

(x) Sign the Transport messages for access authentication. For this XML
normalization and all of that is irrelevant.

(y) Sign the VOEvent message to assure authenticity of the message. OK... What
is "authenticity"?

    (a) The message has not been altered

    (b) The message really came from the Author IVORN

It is (y.a) that we're discussing. Can we agree that we already agree on (x) how
to sign the Transport authentication messages? Can we agree on (y.b) that the
key must carry the Author IVORN as its primary user-id, or alternately (for 3rd
party signers) that the Author IVORN must countersign the third party signer's
key. This allows a recipient to know that the message came from the Author IVORN
or its designated representative without having to make value judgements on
whether he thinks the message really came from the Author IVORN.

Allan:
> I don't think the basic positions have changed since 2004....
Nope. A twist on the cryptography but not the basic difference: WRT (y.a) the
discussion is whether we want to assure the authenticity of the /actual/ message
or of the /meaning/ of the message.

My view: If someone is going to parse and store the info in a message, fine. But
I see no great value in the additional complexity needed to preserve the
signature through serialization and deserialization when storing the original
message and signature in another database column serves to preserve it in its
original format, and if needed that message can be pulled out and forwarded or
whatever. The original message is the thing that the author produced, and its
integrity seems important to me.

To me this is just a philosophical disagreement driven by two incompatible
perspectives: XML purism versus communications/message purism. Good engineering
goes with the grain of simplicity and elegance.

  -- Bob
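An added illustration (not code from the thread or from any VOEvent project) of the two positions above: a detached signature is computed over the exact bytes the author produced, it no longer verifies once an XML toolchain has parsed and re-emitted the document, but it still verifies when the original bytes and signature are kept in their own database column beside the parsed fields. A keyed HMAC and a constructed VOEvent-like message stand in for the author's public-key signature and a real event; both are assumptions so the example runs with only the standard library.

```python
import hashlib
import hmac
import sqlite3
import xml.etree.ElementTree as ET

# Constructed sample message (not a real VOEvent). Attribute order, line
# breaks and the self-closing tag are part of the serialisation that a
# parser is free to discard.
ORIGINAL = b'''<?xml version="1.0"?>
<voe:VOEvent role="observation" ivorn="ivo://example.org/author#42"
    xmlns:voe="http://www.ivoa.net/xml/VOEvent/v2.0">
  <Who><AuthorIVORN>ivo://example.org/author</AuthorIVORN></Who>
  <What><Param name="mag" value="17.2"/></What>
</voe:VOEvent>
'''

# Assumption: a keyed HMAC stands in for the author's public-key signature;
# the byte-level behaviour shown is the same for a detached signature.
KEY = b"constructed-demo-key"


def sign(message: bytes) -> bytes:
    """Sign the exact bytes the author produced (the serialisation)."""
    return hmac.new(KEY, message, hashlib.sha256).digest()


def verify(message: bytes, signature: bytes) -> bool:
    """Constant-time check of a signature against the given bytes."""
    return hmac.compare_digest(sign(message), signature)


def reserialize(message: bytes) -> bytes:
    """Parse and re-emit the document, as any XML toolchain does."""
    return ET.tostring(ET.fromstring(message))


def store_and_reload(message: bytes, signature: bytes):
    """Keep original bytes and signature in their own columns next to a
    parsed field, then read them back unchanged."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE events (ivorn TEXT, raw BLOB, sig BLOB)")
    ivorn = ET.fromstring(message).get("ivorn")
    db.execute("INSERT INTO events VALUES (?, ?, ?)", (ivorn, message, signature))
    raw, sig = db.execute("SELECT raw, sig FROM events WHERE ivorn = ?",
                          (ivorn,)).fetchone()
    return bytes(raw), bytes(sig)
```

Verifying `reserialize(ORIGINAL)` against `sign(ORIGINAL)` fails, while the pair returned by `store_and_reload` verifies exactly as the author's original did.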
