W3C home > Mailing lists > Public > public-xmlsec@w3.org > December 2009

[ACTION-412][Fwd: Re: namespace wrapping attacks against XML Signature?]

From: Ed Simon <edsimon@xmlsec.com>
Date: Tue, 01 Dec 2009 16:08:31 -0500
To: XMLSec WG Public List <public-xmlsec@w3.org>
Cc: Meiko Jensen <Meiko.Jensen@ruhr-uni-bochum.de>, Jörg Schwenk <joerg.schwenk@rub.de>
Message-Id: <1259701711.3264.19.camel@XMLSEC-BIZ.phub.net.cable.rogers.com>
The attached paper (attached with permission of its authors) describes
in detail the attack vector described in my 2009 April [1] post and
subsequent discussions (looks like we independently became concerned
about the same issue). Please review it so that we discuss whether there
is general agreement that we need to address it.

Thanks,
Ed

[1] http://lists.w3.org/Archives/Public/public-xmlsec/2009Apr/0025.html

-------- Forwarded Message --------
From: Meiko Jensen <Meiko.Jensen@ruhr-uni-bochum.de>
To: edsimon@xmlsec.com, Meiko Jensen <Meiko.Jensen@rub.de>, Jörg Schwenk
<joerg.schwenk@rub.de>, 'Thomas Roessler' <tlr@w3.org>, 'Frederick
Hirsch' <Frederick.Hirsch@nokia.com>
Subject: Re: namespace wrapping attacks against XML Signature?
Date: Tue, 24 Nov 2009 10:51:42 +0100 (CET)

Hi Ed, see below...

Ed Simon schrieb am 2009-11-23:
> Thanks Meiko,

...

> Is the W3C allowed to post your paper to the W3C public archive list?

Feel free to do so :)

best regards from Bochum, Germany

Meiko

> Regards,
> Ed









-- 
========================================
Ed Simon
613-726-9645
edsimon@xmlsec.com 



Received on Tuesday, 1 December 2009 21:09:29 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:44:00 GMT