2.9 Canonicalization

Previous page
Table of content
Next page

Canonicalization is a critical aspect of digital signatures and verification. It also has limited applicability to encryption.

To be useful, signatures (and message authentication codes, if appropriate) must be secure and robust. For the signature to be secure, any "significant" change in the signed data or the signature must cause the signature to fail. For the signature to be robust, any "insignificant" change in the signed data, or the signature itself, must not cause the signature to fail. Any change allowed by normal receipt, storage, and/or transmission of the message should be considered insignificant and should not be covered by the signature. Figuring out exactly what is significant for signature purposes can prove tricky. Message digest algorithms, which are used in message authentication codes and digital signatures, reflect any change in their input, so you must manage their input carefully. In particular, that input should normally consist of a canonicalization of the data being secured, discarding insignificant aspects of that data.

Chapter 9 is entirely devoted to canonicalization, particularly as it pertains to XML.

Previous page
Table of content
Next page
Secure XML(c) The New Syntax for Signatures and Encryption
Secure XML: The New Syntax for Signatures and Encryption
ISBN: 0201756056
EAN: 2147483647
Year: 2005
Pages: 186
Authors: Donald E. Eastlake, Kitty Niles
BUY ON AMAZON
ERP and Data Warehousing in Organizations: Issues and Challenges
VBScript Programmers Reference
Cisco IP Communications Express: CallManager Express with Cisco Unity Express
WebLogic: The Definitive Guide
Data Structures and Algorithms in Java
Telecommunications Essentials, Second Edition: The Complete Global Source (2nd Edition)
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy