[whatwg] Signatures

Ian Hickson ian at hixie.ch
Wed Jul 30 18:21:57 PDT 2008

Over the years a number of e-mails have been sent to the list about 
signatures and other public key cryptography topics, most of which are 
quoted below.

For a number of reasons, not least of which my lack of expertise in the 
area, the size of the HTML5 spec today, and the low level of demand for 
these features, I have decided to not cover this topic in HTML5, and 
instead rely on other groups to define these features.

I include a representative sampling of the e-mails sent to the WHATWG on 
the topic below, so that if anyone wishes to work on this topic, they can 
use this feedback. I encourage people interested in this topic to approach 
the IETF, where work on these issues has historically taken place.

On Sun, 29 Oct 2006, Anders Rundgren wrote:
> It is equally interesting that W3C intends to start a new browser 
> authentication WG but have excluded digital signatures and key 
> provisioning from the charter in spite of the fact that about 10M people 
> today have to use proprietary browser-plugins in order to get their work 
> done.  Maybe an answer to that is that this is only happening in the EU 
> which in this particular space is roughly 5 years ahead of the US 
> government and financial industry.

On Mon, 30 Oct 2006, Michael(tm) Smith wrote:
> The use of proprietary mechanisms (mostly ActiveX controls) for digital 
> signatures is common in Korean sites as well, including Korean 
> government sites.

On Mon, 30 Oct 2006, Anders Rundgren wrote:
> That's right. They sure are proprietary; I was not even able to get the 
> Korean e-goverment signature spec since it is "secret"!

On Tue, 31 Oct 2006, Channy Yun wrote:
> Korean mechanism is same with general pki's. Its structure has been 
> followed by pki standards and browser user-interface for certificates. 
> The different things has own 128bit cryptography algorithm so called 
> SEED and adds digital signature for messages to be legal authorizing. 
> This spec is not secret and gives in http://www.rootca.or.kr/maine.jsp

On Mon, 30 Oct 2006, Anders Rundgren wrote:
> I may have been careless but I could not find the spec of the activeX 
> control (or similar) that is what I refer to as the proprietary 
> solution.
> I may also have confused Korea with Hongkong who definitely claimed that 
> their scheme requires an NDA.  The same goes for the Australian scheme 
> which is not public.
> BTW, the Swedish and Norwegian government's signature systems are also 
> secret since they are developed by banks.

On Wed, 1 Nov 2006, Channy Yun wrote:
> As you said, we may not get sufficient informations to standardize 
> digital signature. But, in case of Korea, I'll sufficiently give them. 
> The spec. and interface are almost standardized by governmental rules to 
> all vendors.
> In Korea, the own cryptic algorithm has been encouraged, so vendors 
> couldn't use browser-implemented things such as DES. This is first 
> reason to use activex controls.
> Second is for digital signature. Legally, all data must be signed by 
> user's key. When the money is sent, it needs to know who sends the 
> money. So activex control has almost same user interface with browser's 
> certificate manager.
> When an user enters an internet banking site, activex are embedded. 
> User's data by action go to activex control and are encrypted by SEED 
> and signed by user's key. Encrypted and signed data gives hidden form in 
> web page again. When an user submit it, the data were transferred to web 
> server. The server-side application decrypts and verifies the data and 
> proceeds proper actions. Web server transfers the web page by requested 
> actions.
> First thing is not standardized. National algorithm such as SEED or 
> Camella is problems between browser vendor and its governments. Second 
> can be done such as (re)issue and revocation of personal certificates, 
> the digital signature such as old crypto.sign.Text().
> As following is one of this efforts. 
> http://middleware.internet2.edu/pki06/proceedings/rundgren-websigning.ppt

On Wed, 1 Nov 2006, Channy Yun wrote:
> As I said in other thread, I think digital signature must be 
> standardized for secure and legal assurance of form data and I respect 
> your issuing and great jobs. But, we can simply think this issue in 
> range of this group. Most of forms directly go to web server via 
> urlencoded. If some indicators are given, browsers can execute signing 
> process.
> For example,
> <form name="sendmoney" action="/send.cgi" signed="signed">
> <input type="text" name="dollars" value="3.00">
> <input type="text" name="account" values="1234567890">
> <input type="submt" value="Sending Money!">
> </form>
> When an user clicks submit button, the dialog box will be opened for 
> selecting the private certificates to be signed. Server can understand 
> form data and attached signatures signed by browser via SSL.
> Or it can be applied each forms.
> <input type="text" name="dollars" value="3.00" signed="signed">
> Anyway it is browser's the function of digital signature such as 
> sign.Text() function. This idea make possible to handle easily them via 
> form.

On Tue, 31 Oct 2006, Anders Rundgren wrote:
> May I try to explain how I look on web-forms and digital signatures?
> Most people indeed come up with schemes like the one you described 
> because it seems so obvious.
> I work with a different concept which is not really form-oriented, but 
> rather view-oriented.  This is borrowed from what most e-commerce sites 
> use today.  First you create an order using arbitrary web methods 
> including <form>.  Then you typically input credit card data etc.  
> Eventually you are faced with a consolidate/aggregated purchase 
> transaction request which typically is just an HTML page with *static* 
> information plus an "OK" button.  When you hit OK, you do not send the 
> HTML page, only an acknowledge of the request you had on the screen.  
> Now, how does this map into digital signatures? The basic difference 
> with respect to the OK button is that the returned result contains a 
> signature over the view.  The actual (internal) transaction data is 
> typically not signed since it is
> - already is known in advance by the server otherwise
>   it wouldn't have been able to create a view to the user.
> - may not have any visual representation at all.
> What's more, the service also does its own calculation of message 
> digests of the transaction request view and is thus able to immediately 
> verify not only the signatures validity but that the user actually had 
> the proper content in his/her browser.  The signature is subsequently 
> stored close to the real transaction record for supporting unlikely (but 
> possible), future dispute resolutions.
> There is an inherent problem with your suggested form:
> <form name="sendmoney" action="/send.cgi" signed="signed">
> <input type="text" name="dollars" value="3.00">
> <input type="text" name="account" values="1234567890">
> <input type="submt" value="Sending Money!"></form>
> because in a real-world case it would probably read:
> <form name="sendmoney" action="/send.cgi" signed="signed">
> <input type="text" name="dollars">
> <input type="text" name="account">
> <input type="submt" value="Sending Money!"></form>
> which means that you sign data that has not first passed a server's 
> validation.  Although XForms can do validation, I doubt XForms are 
> suitable for anything but simple applications. Server-based validation 
> can also cope with transactional issues that XF can't like bookings.
> Also I wonder what you meant should be sent to the server. The signed 
> attributes only?  I think this is a half-baked idea since the rest of 
> the document may contain important data that could affect the user's 
> decision to sign th data.  The "fine print" for example :-) If you sign 
> a house contract you don't sign the sales value but a lot of text and 
> conditions.  Digital signatures should IMHO afhere to this notion.
> In case there would be embedded objects like CSS or IMG in the HTML page 
> holding the <form> they should also in some way be signed?  Now we have 
> a brand new format: Signed HTML. WASP does not need any specific signed 
> HTML because its method is a bit like S/MIME although in XML.
> In addition to that there are some cryptographic stuff that needs to be 
> addressed which makes the rather innocent "signed" attribute grow quite 
> a bit.  If you look on the WASP CertificateFilter it is a good example 
> of how complex it can be to sign.
> We also need an attachment feature.  It is a bit unclear how that could 
> be met with a <form> based approach unless all input is done in a single 
> form which would be very constraining.
> To not be stuck with HTML but also allow MS office, PDF Open Document we 
> also need some other mechanism.
> This is at least how WASP was conceived
> In case you have an example of a Korean HTML signature, I would be happy 
> to get a copy.

On Wed, 1 Nov 2006, Alexey Feldgendler wrote:
> What benefit does this provide over simply using HTTPS with a 
> client-side certificate?

On Wed, 1 Nov 2006, Channy Yun wrote:
> Using HTTPS with a client-side certificate doesn't support digital 
> signature.The digital signature is same with the signing or stamp of 
> contract in real world. Many governments encourage to add digital 
> signature to transactional data (form data). It legally assures data and 
> transactions signed(added digital signature) by user's certificates.

On Wed, 1 Nov 2006, Alexey Feldgendler wrote:
> The purpose of a digital signature is to certify that the data submitted 
> by the client were not forged by an attacker. HTTPS with a client-side 
> certificate ensures the same.

On Thu, 2 Nov 2006, Anders Rundgren wrote:
> Digital signatures is as you say just a variation of authentication.  
> The things that the DS people wants to add are:
> - A "process" that differs from authentication from the user's point of 
> view
> - A persistent trace of the authenticated operation.  This is what the 
> signature adds to the picture.  HTTPS with client-side certificates have 
> no connection to content data since it occurs at the transport level.  
> Digital signatures are created at the application-level in the schemes 
> that Channy and I talk about.
> But it is a fact that strong authentication is an alternative to digital 
> signatures but some of use are trying to change that, not only for legal 
> reasons but for making a difference between "login" and "accept".


Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'

More information about the whatwg mailing list