Functional Explanation of Changes in XML Signature 1.1

Status of This Document

This section describes the status of this document at the time of its publication. Other documents may supersede this document. A list of current W3C publications and the latest revision of this technical report can be found in the W3C technical reports index at http://www.w3.org/TR/.

In the case of any difference between this document and the XML Signature 1.1 specification [XMLDSIG-CORE1], the XML Signature 1.1 specification is authoritative.

This Note has been updated since the previous publication to remove the text stating that OCSPResponse was added to XML Signature 1.1, as it has been removed from XML Signature 1.1. References have also been updated (diff).

This document was published by the XML Security Working Group as a Working Group Note. If you wish to make comments regarding this document, please send them to public-xmlsec@w3.org (subscribe, archives). All comments are welcome.

Publication as a Working Group Note does not imply endorsement by the W3C Membership. This is a draft document and may be updated, replaced or obsoleted by other documents at any time. It is inappropriate to cite this document as other than work in progress.

This document was produced by a group operating under the 5 February 2004 W3C Patent Policy. W3C maintains a public list of any patent disclosures made in connection with the deliverables of the group; that page also includes instructions for disclosing a patent. An individual who has actual knowledge of a patent which the individual believes contains Essential Claim(s) must disclose the information in accordance with section 6 of the W3C Patent Policy.

2. Changes

2.1 Algorithms Added

Add Elliptic Curve signature algorithms: ECDSA-SHA1 (OPTIONAL), ECDSA-SHA256 (REQUIRED), ECDSA-SHA384 (OPTIONAL), and ECDSA-SHA512 (OPTIONAL)
Generally extend SHA beyond SHA-1
- Add digest algorithms: SHA224 (OPTIONAL), SHA256 (REQUIRED), SHA384 (OPTIONAL), SHA512 (OPTIONAL)
- Add RSA signing algorithms: RSAwithSHA256 (REQUIRED), RSAwithSHA384 (OPTIONAL),RSAwithSHA512 (OPTIONAL)
Update canonicalization algorithms to reflect existing practice
- Add Exclusive XML Canonicalization 1.0 (omits comments) REQUIRED.
- Add Exclusive XML Canonicalization 1.0 (with Comments) RECOMMENDED.
Add XPath Filter 2.0 as RECOMMENDED transform algorithm. (alternative to URI fragment identifiers).

For all algorithms added, algorithm identifiers and information were added to the specification.

2.2 Algorithms Changed

Discourage use of SHA-1 but allow it for compatibility
- SHA-1 use is DISCOURAGED (but support is still REQUIRED).
- Added text to SHA-1 to state that use is DISCOURAGED (but still REQUIRED).
- Added text to HMAC-SHA1 to state that use is DISCOURAGED
- Change so that DSAwithSHA1 is only REQUIRED as Signature algorithm for Signature verification, but is OPTIONAL for Signature generation. Previously it was REQUIRED for both.
- Added text to indicate that use of RSA-SHA1 and ECDSA-SHA1 is DISCOURAGED.
Enable alternatives to SHA-1
- Changed HMAC-SHA256 to REQUIRED
- Changed HMAC-SHA384, HMAC-SHA512 to RECOMMENDED (from OPTIONAL).
Discourage use of XPath transform by adding a note that implementation requirements for XPath transform may be downgraded to optional in future version of specification.
Added minimum output length for HMACOutputLength parameter in SignatureMethod

2.3 Other Algorithm-related Changes

Clarify DSA family with respect to FIPS 186-3.
Clarify RSA SignatureValue computation.
Clarify inputs and outputs of algorithms, specifically Canonical XML 1.0 and Canonical XML 1.1 canonicalization, Base64, XPath filtering, and Enveloped Signature Transform, and XSLT Transform algorithms.
Add recommendation to use least expressive transform possible to achieve result.

2.4 `KeyInfo` Changes

2.4.1 General Changes

REQUIRED support of KeyValue formats for DSA, RSA (REQUIRED now, no longer RECOMMENDED), and ECDSA
Add new KeyInfo child elements with corresponding URIs
- ECKeyValue, ECParameters
- DEREncodedKeyValue
Add sections on how to use additional KeyInfo child elements
- Describe use of XML Encryption EncryptedKey and DerivedKey Elements
- Add DEREncodedKeyValue - new representation for public keys
- Add KeyInfoReference - alternative to RetrievalMethod access to a KeyInfo element that does not require use of a Transform
Clarify for RetrievalMethod that a Transform is needed to obtain content of KeyInfo referenced by ID
Encourage use of new KeyInfoReference element instead of RetrievalMethod
Added profile of RFC 4050 with respect to ECDSA key formats.

2.4.2 `X509Data` Changes

Add dsig11:X509Digest to list of elements that may be included, to support reference via base64-encoded digest of a certificate
Add that the RECOMMENDED certificate encoding is BER or DER subset.
Deprecate and add note regarding use of X509IssuerSerial and possible issue with schema validation when large serial numbers are used.
Add note about the need to sign entire structure as a unit when using X509Data in explicitly trusted scenarios.

2.5 Clarifications

Clarify that C14N is needed as part of Reference validation since changes could occur in serialization after Signature generation.
Clarify canonicalization, removing Normalization Form C material.

2.6 Security Considerations Changes

Note possible concerns with digest algorithm resistance to collisions and strongly recommending use of SHA-256 in preference to SHA-1
Add new security consideration for implementations to limit information included in error responses for security algorithms.
Add security considerations regarding DSA key sizes.

2.7 Other Changes

No DTD use, XML Schema authoritative, RELAX NG informative.
New 1.1 namespace for new 1.1 schema items

Functional Explanation of Changes in XML Signature 1.1

W3C Working Group Note 11 April 2013

Abstract

Status of This Document

Table of Contents

1. Introduction

2. Changes

2.1 Algorithms Added

2.2 Algorithms Changed

2.3 Other Algorithm-related Changes

2.4 `KeyInfo` Changes

2.4.1 General Changes

2.4.2 `X509Data` Changes

2.5 Clarifications

2.6 Security Considerations Changes

2.7 Other Changes

A. References

A.1 Informative references

Functional Explanation of Changes in XML Signature 1.1

W3C Working Group Note 11 April 2013

Abstract

Status of This Document

Table of Contents

1. Introduction

2. Changes

2.1 Algorithms Added

2.2 Algorithms Changed

2.3 Other Algorithm-related Changes

2.4 KeyInfo Changes

2.4.1 General Changes

2.4.2 X509Data Changes

2.5 Clarifications

2.6 Security Considerations Changes

2.7 Other Changes

A. References

A.1 Informative references

2.4 `KeyInfo` Changes

2.4.2 `X509Data` Changes