can also read the information, were attained by
applying XML encoding to X.509 certificates in the
test implementation for signing Web pages.
Current browsers such as Microsoft Internet
Explorer (Microsoft) and Mozilla Firefox (Mozilla)
have capabilities to handle signed resources.
However, they do not provide an easy way of
signing a whole Web page, and their capabilities are
browser-specific. A method of signing Web pages
using PGP was proposed (Bell, 1996) and is used on
the Web. Our proposal has the advantage that,
because it is based on the XML Signature, it
matches Web technology (HTML/XHTML) and any
browser can implement it.
We tentatively proposed adding a new tag to
HTML/XHTML for a signed Web page to refer to
the signature information of the page. In the future,
such capabilities will need to be specified to
conform with the meta-information capabilities of
the Semantic Web.
5 CONCLUSION
We proposed extensions to the XML Signature
Recommendation to include XML encoding of
X.509 certificates. With our proposal, full X.509
certificate information can be represented in XML.
We implemented an encoding converter that
transforms between the ASN.1 encoding and XML
encoding of X.509 certificates and verified the
validity of our proposal.
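
The conversion between ASN.1 (DER) and XML encodings described above can be sketched as follows. This is an added example, not the authors' converter: the element names, the `tag` and `hex` attributes and the sample bytes are assumptions constructed here, and it maps generic DER TLVs (OIDs are kept as hex) rather than the paper's certificate schema.

```python
import xml.etree.ElementTree as ET

# Element names and text decoders per universal tag (assumed naming, not the paper's schema).
NAMES = {0x02: "INTEGER", 0x04: "OCTET_STRING", 0x06: "OID", 0x0C: "UTF8String",
         0x13: "PrintableString", 0x30: "SEQUENCE", 0x31: "SET"}
DECODE = {0x02: lambda b: str(int.from_bytes(b, "big", signed=True)),
          0x0C: lambda b: b.decode("utf-8"), 0x13: lambda b: b.decode("ascii")}
# Constructed sample: SEQUENCE { INTEGER 2, SEQUENCE { OID 2.5.4.3, UTF8String "example" } }
SAMPLE = bytes.fromhex("3013 020102 300e 0603550403 0c07 6578616d706c65")

def der_to_xml(buf):
    """Parse consecutive DER TLVs in buf into a list of XML elements."""
    out, i = [], 0
    while i < len(buf):
        tag, j = buf[i], i + 2
        if tag & 0x1F == 0x1F or j > len(buf):
            raise ValueError("multi-byte tag or truncated header")
        n = buf[i + 1]
        if n & 0x80:                      # long form: low 7 bits count the length octets
            k = n & 0x7F
            if k == 0 or j + k > len(buf):
                raise ValueError("indefinite or truncated length")
            n, j = int.from_bytes(buf[j:j + k], "big"), j + k
        if j + n > len(buf):
            raise ValueError("truncated value")
        body = buf[j:j + n]
        el = ET.Element(NAMES.get(tag, "Tagged"), {"tag": f"{tag:02x}"})
        if tag & 0x20:                    # constructed: children are nested TLVs
            el.extend(der_to_xml(body))
        else:
            el.set("hex", body.hex())     # exact content octets, used for re-encoding
            if tag in DECODE:
                el.text = DECODE[tag](body)   # human-readable view only
        out.append(el)
        i = j + n
    return out

def xml_to_der(el):
    """Re-encode an element produced by der_to_xml back into DER bytes."""
    tag = int(el.get("tag"), 16)
    body = b"".join(map(xml_to_der, el)) if tag & 0x20 else bytes.fromhex(el.get("hex"))
    n = len(body)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    length = bytes([n]) if n < 0x80 else bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + body

if __name__ == "__main__":
    print(ET.tostring(der_to_xml(SAMPLE)[0], encoding="unicode"))
```

DER's minimal-length rule is what makes the round trip exact; BER input with non-minimal lengths would re-encode to different bytes and no longer match a signature computed over the original encoding.
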
We applied the extended XML Signature to Web
page signing. We proposed a scheme for signed
Web pages based on the XML Signature and
conducted a test implementation. We verified that
the proposed scheme could easily be implemented
and incorporated into the current Web environment,
and we also verified the effectiveness of the
extended XML Signature. Users can verify the
authenticity of Web pages with a simple action, as
we did in the test implementation.
Areas for future standardization were identified
through our study. These are a fully XML-based
digital certificate format with a signature on
XML-encoded information, an enhanced XML Signature
Recommendation incorporating the fully XML-based
digital certificate, and a scheme for XML
Signature-based Web page signing with possible
extensions to HTML/XHTML. Another area is
unifying the Web page signing scheme with the
Semantic Web scheme. We believe this study will
help accelerate standardization in these areas.
REFERENCES
W3C, 2002a. XML Encryption Syntax and Processing.
W3C Recommendation 10 December 2002.
http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/
W3C, 2002b. XML-Signature Syntax and Processing.
W3C Recommendation 12 February 2002.
http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/
W3C, 2002c. XHTML™ 1.0 The Extensible HyperText
Markup Language (Second Edition). W3C
Recommendation 26 January 2000, revised 1 August
2002.
http://www.w3.org/TR/2002/REC-xhtml1-20020801
ITU, 2000. Information technology – Open Systems
Interconnection – The Directory: Public-key and
attribute certificate frameworks. ITU-T
Recommendation X.509.
ITU, 2002a. Information technology – Abstract Syntax
Notation One (ASN.1): Specification of basic
notation. ITU-T Recommendation X.680.
ITU, 2002b. Information technology – ASN.1 encoding
rules: Specification of Basic Encoding Rules (BER),
Canonical Encoding Rules (CER) and Distinguished
Encoding Rules (DER). ITU-T Recommendation
X.690.
ITU, 2003. Information technology – ASN.1 encoding
rules: XML Encoding Rules (XER). ITU-T
Recommendation X.693.
Flanagan, D., 2000. Java Examples in a Nutshell, Second
Edition. O'Reilly & Associates Inc.
Imamura, T., Maruyama, H., 2000. ASN.1/XML
Translator and Its Application to Certification
Authorities. In SCIS2000 (Symposium on
Cryptography and Information Security 2000) (in
Japanese).
Mozilla. Network Security Services (NSS). Mozilla.org.
http://www.mozilla.org/projects/security/pki/nss/
Microsoft. ActiveX Controls. Microsoft Corporation.
http://msdn.microsoft.com/workshop/components/activex/activex_node_entry.asp
Bell, N., 1996. PGP signed web-pages.
http://members.aol.com/EJNBell/pgp-www.html
SECRYPT 2006 - INTERNATIONAL CONFERENCE ON SECURITY AND CRYPTOGRAPHY