Common Security: CDSA and CSSM, Version 2 (with corrigenda)
Copyright © 2000 The Open Group
Signed Manifests-Requirements
Signed manifests describe the integrity and authenticity of a
collection of digital objects, where the collection is specified as an
acyclic connected graph with an arbitrary number of nodes, each node
representing an arbitrarily typed digital object. Digital signatures
based on a public key infrastructure are the basic integrity mechanism
for verifying manifests.
The following are requirements on the signed manifest:
- Manifest must sit outside the objects being signed.
- Manifest must be capable of describing an acyclic graph representing an
  arbitrary number of arbitrarily typed digital objects, including:
  - Live objects
  - Dynamic objects
- Must be capable of specifying how the object is to be verified.
  Check the object's integrity by:
  - Reference (URL, pathname, and so on, not the contents of the object)
  - Value (only the contents of the object, excluding the pathname)
  - Reference and value (check both the URL or pathname and the contents)
- Must support one or more unordered signers.
- Must support nested signing models.
  Objects being signed can themselves be signed objects, such as:
  - Signed manifests
  - Objects with embedded signatures
  - PKCS#7 signed messages
- Each signature must carry an unforgeable credential identifying the signer:
  - Digital certificate
  - Public key
  - Fingerprint
- Must be extensible in the type and format of accepted signer's
  credentials (certificate neutral):
  - X.509 certificates
  - SDSI certificates
- Signer's credentials can be either:
  - Embedded
  - Referenced via URL
- Cryptographically neutral with respect to signing algorithms.
- Performs complete integrity validation:
  - Verify the integrity of the object
  - Verify the integrity of the manifest
  - Runtime continuous verification for live objects
- Signature format must be based on standards.
- Manifest format must be based on standards.
- Support emerging standards:
  - New signature block formats
  - New certificate formats
- Use single-pass verification of signature(s).
- Verification must be capable of managing progressively rendered
  object referents.