- From: Thomas Roessler <tlr@w3.org>
- Date: Tue, 27 Jan 2009 22:45:42 +0100
- To: XML Security Working Group WG <public-xmlsec@w3.org>
It just occured to me that spurious XML namespace declarations on <SignatureMethod> elements might be a handy way to hide garbage if an attacker was to exploit collisions in a hash algorithm used for signatures. I wonder whether we want to deal with that in any way. -- Thomas Roessler, W3C <tlr@w3.org>
Received on Tuesday, 27 January 2009 21:45:52 UTC