W3C home > Mailing lists > Public > public-xmlsec@w3.org > January 2009

Another place to put garbage for collisions

From: Thomas Roessler <tlr@w3.org>
Date: Tue, 27 Jan 2009 22:45:42 +0100
Message-Id: <993390A9-01B7-4A74-A4FF-F79FCAA01AB8@w3.org>
To: XML Security Working Group WG <public-xmlsec@w3.org>

It just occured to me that spurious XML namespace declarations on  
<SignatureMethod> elements might be a handy way to hide garbage if an  
attacker was to exploit collisions in a hash algorithm used for  
signatures.

I wonder whether we want to deal with that in any way.

--
Thomas Roessler, W3C  <tlr@w3.org>
Received on Tuesday, 27 January 2009 21:45:52 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:43:57 GMT