W3C home > Mailing lists > Public > public-xmlsec@w3.org > January 2009

Another place to put garbage for collisions

From: Thomas Roessler <tlr@w3.org>
Date: Tue, 27 Jan 2009 22:45:42 +0100
Message-Id: <993390A9-01B7-4A74-A4FF-F79FCAA01AB8@w3.org>
To: XML Security Working Group WG <public-xmlsec@w3.org>

It just occured to me that spurious XML namespace declarations on  
<SignatureMethod> elements might be a handy way to hide garbage if an  
attacker was to exploit collisions in a hash algorithm used for  

I wonder whether we want to deal with that in any way.

Thomas Roessler, W3C  <tlr@w3.org>
Received on Tuesday, 27 January 2009 21:45:52 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:55:10 UTC