- From: Frederick Hirsch <frederick.hirsch@nokia.com>
- Date: Tue, 29 Dec 2009 17:40:22 -0500
- To: XMLSec WG Public List <public-xmlsec@w3.org>
- Cc: Frederick Hirsch <frederick.hirsch@nokia.com>, Meiko Jensen <Meiko.Jensen@ruhr-uni-bochum.de>, Jörg Schwenk <joerg.schwenk@rub.de>, Ed Simon <edsimon@xmlsec.com>
All: Perhaps we should consider more carefully the prefix-free- canonicalization method described in the paper, for XML Canonicalization Version 2.0? This could greatly simplify both Canonical XML 2.0 for the default (new) variant? Given the simplicity perhaps the performance might not be a major issue, but we would have to look at this. regards, Frederick Frederick Hirsch, Nokia Chair XML Security WG On Dec 1, 2009, at 4:08 PM, ext Ed Simon wrote: > The attached paper (attached with permission of its authors) describes > in detail the attack vector described in my 2009 April [1] post and > subsequent discussions (looks like we independently became concerned > about the same issue). Please review it so that we discuss whether > there > is general agreement that we need to address it. > > Thanks, > Ed > > [1] http://lists.w3.org/Archives/Public/public-xmlsec/2009Apr/ > 0025.html > > -------- Forwarded Message -------- > From: Meiko Jensen <Meiko.Jensen@ruhr-uni-bochum.de> > To: edsimon@xmlsec.com, Meiko Jensen <Meiko.Jensen@rub.de>, Jörg > Schwenk > <joerg.schwenk@rub.de>, 'Thomas Roessler' <tlr@w3.org>, 'Frederick > Hirsch' <Frederick.Hirsch@nokia.com> > Subject: Re: namespace wrapping attacks against XML Signature? > Date: Tue, 24 Nov 2009 10:51:42 +0100 (CET) > > Hi Ed, see below... > > Ed Simon schrieb am 2009-11-23: >> Thanks Meiko, > > ... > >> Is the W3C allowed to post your paper to the W3C public archive list? > > Feel free to do so :) > > best regards from Bochum, Germany > > Meiko > >> Regards, >> Ed > > > > > > > > > > -- > ======================================== > Ed Simon > 613-726-9645 > edsimon@xmlsec.com > <sws5-jensen.pdf>
Received on Tuesday, 29 December 2009 22:44:01 UTC