W3C home > Mailing lists > Public > public-xmlsec@w3.org > December 2009

RE: [ACTION-412][Fwd: Re: namespace wrapping attacks against XML Signature?]

From: Scott Cantor <cantor.2@osu.edu>
Date: Tue, 29 Dec 2009 16:36:06 -0500
To: "'Frederick Hirsch'" <Frederick.Hirsch@nokia.com>
Cc: "'XMLSec WG Public List'" <public-xmlsec@w3.org>, "'Pratik Datta'" <PRATIK.DATTA@oracle.com>, "'Ed Simon'" <edsimon@xmlsec.com>
Message-ID: <002201ca88ce$ee41f160$cac5d420$@2@osu.edu>
Frederick Hirsch wrote on 2009-12-29:
> We probably should add more information on the issues related to
> prefix-rewriting to the requirements, with some examples like this. We
> need to be clear that it is not a complete explanation, but provide
> some information on the issues around the topic.

My point was just that unless I'm missing something, this isn't one of the
use cases or issues which rewriting helps. The only one I'm aware of is to
accommodate broken tools, actually.

-- Scott
Received on Tuesday, 29 December 2009 21:36:45 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 29 December 2009 21:36:45 GMT