XML signatures and RELAX NG schemas in ISO/IEC 29500-2 (OPC of OOXML)

Chris Rae Chris.Rae at microsoft.com
Tue Sep 28 00:22:39 CEST 2010


Hi Murata-san - I asked David LeBlanc, our crypto/signing expert, about these questions. I was about to try and paraphrase what he said here, but after I started I realised it would be much simpler just to give you it from the horse's mouth:

--
Exclusive C14N is used when some sub-element is signed, and then it gets moved to a new parent document. We never do that, so we don't have that problem, and there's no need to use exclusive C14N.

Next, exclusive C14N is a 'may' that is only referenced inside of a note to xmldsig 1.1. As we have no need for it in our current signatures, and it is not required, then we don't currently support it.

As to xmldsig 2.0, they have unfortunately chosen to make it a breaking change instead of an incremental change. This will make it more difficult to adopt, as if we do start emitting 2.0 signatures, then older versions would believe these to be invalid. Exclusive C14N is a requirement of xmldsig 2.0, assuming the draft isn't changed, and if we support xmldsig 2.0, we'll support exclusive C14N at that time.
--

Does that answer your questions?

Chris

-----Original Message-----
From: Chris Rae [mailto:Chris.Rae at microsoft.com] 
Sent: 27 July 2010 09:31
To: MURATA Makoto (FAMILY Given)
Cc: e-SC34-WG4 at ecma-international.org
Subject: RE: XML signatures and RELAX NG schemas in ISO/IEC 29500-2 (OPC of OOXML)

The Office 2010 XAdES support is detailed in one of the file format documents we have online, MS-OFFCRYPTO - it's available as a PDF at http://msdn.microsoft.com/en-us/library/cc313071(office.12).aspx. The schemas are inline. The various other Office 2010 extensions are siblings of that document - an index is at http://msdn.microsoft.com/en-us/library/cc313105(v=office.12).aspx.

I'll have to report back on the Exclusive C14N question.

Chris

-----Original Message-----
From: MURATA Makoto (FAMILY Given) [mailto:eb2m-mrt at asahi-net.or.jp]
Sent: 27 July 2010 08:09
To: Chris Rae
Cc: e-SC34-WG4 at ecma-international.org
Subject: Re: XML signatures and RELAX NG schemas in ISO/IEC 29500-2 (OPC of OOXML)

Chris,

You are right in saying that XML Signature 1.1 and XML Signature Properties are still in draft status.

> If you have specific defects in mind then we could definitely talk through them here on the list, though?

Exclusive C14N is a recommendation. Why is it not referenced?

> Also, the XAdES support currently implemented in MCE by Office 2010
> may make Signature Properties unnecessary if that XAdES support becomes
> a part of the new Extensions standard.

I would like to know more about the XAdES support by MS. Are there any schemas for it?

Cheers,
Makoto
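
Added example (not part of the thread, and not Microsoft's or the OPC specification's code) illustrating the point in David LeBlanc's quoted reply: a signed sub-element keeps its digest under exclusive C14N when it is moved to a new parent, but not under inclusive C14N. The canonicalizer is a simplified model that handles only namespace declarations, attribute order and text (no escaping, comments or `xml:` attribute inheritance), and the element names and `urn:example:*` namespaces are constructed sample data.

```python
import hashlib
from xml.dom import minidom

def is_nsdecl(name):
    return name == "xmlns" or name.startswith("xmlns:")

def prefix_of(qname):
    return qname.split(":")[0] if ":" in qname else ""

def in_scope(el):
    """prefix -> URI for every declaration visible at el (nearest ancestor wins)."""
    scope, node = {}, el
    while node is not None and node.nodeType == node.ELEMENT_NODE:
        for name, value in node.attributes.items():
            if is_nsdecl(name):
                scope.setdefault(name[6:], value)  # "" is the default namespace
        node = node.parentNode
    return scope

def c14n(el, exclusive, rendered=None):
    """Simplified canonical form of the subtree rooted at el."""
    rendered = dict(rendered or {})  # declarations already emitted by output ancestors
    scope = in_scope(el)
    attrs = sorted((n, v) for n, v in el.attributes.items() if not is_nsdecl(n))
    if exclusive:  # only prefixes visibly used by this element or its attributes
        used = {prefix_of(el.tagName)} | {prefix_of(n) for n, _ in attrs if ":" in n}
        wanted = {p: scope[p] for p in used if p in scope}
    else:          # every declaration in scope, including those of ancestors
        wanted = scope
    out = "<" + el.tagName
    for p in sorted(wanted):
        if rendered.get(p) != wanted[p]:
            out += ' xmlns%s="%s"' % (":" + p if p else "", wanted[p])
            rendered[p] = wanted[p]
    out += "".join(' %s="%s"' % a for a in attrs) + ">"
    for child in el.childNodes:
        if child.nodeType == child.ELEMENT_NODE:
            out += c14n(child, exclusive, rendered)
        elif child.nodeType == child.TEXT_NODE:
            out += child.data
    return out + "</" + el.tagName + ">"

# Constructed sample: the same signed fragment under two different parents.
FRAGMENT = '<p:part xmlns:p="urn:example:part" id="p1"><p:value>42</p:value></p:part>'
DOC_A = '<a:package xmlns:a="urn:example:a">%s</a:package>' % FRAGMENT
DOC_B = '<b:envelope xmlns:b="urn:example:b" xmlns:x="urn:example:x">%s</b:envelope>' % FRAGMENT

def canonical_part(doc_xml, exclusive):
    root = minidom.parseString(doc_xml).documentElement
    return c14n(root.getElementsByTagName("p:part")[0], exclusive)

def digest(doc_xml, exclusive):
    return hashlib.sha256(canonical_part(doc_xml, exclusive).encode()).hexdigest()
```

With inclusive canonicalization the parent's `xmlns:a` (or `xmlns:b` and `xmlns:x`) is pulled into the digested bytes, so a verifier that recomputes the digest after the fragment has been re-parented reports a mismatch even though the fragment itself is unchanged.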
