W3C home > Mailing lists > Public > public-xmlsec@w3.org > July 2009

HMAC erratum posted (VU#466161)

From: Thomas Roessler <tlr@w3.org>
Date: Tue, 14 Jul 2009 20:40:24 +0200
Message-Id: <2FE05908-B5E7-4348-ADFF-BD182754AE27@w3.org>
To: "public-xmlsec@w3.org Public List" <public-xmlsec@w3.org>
Hello,

we've just posted the proposed correction to XML Signature:
   http://www.w3.org/2008/06/xmldsigcore-errata.html#e03

Home page news:
   http://www.w3.org/News/2009#item128

A blog item will be available here shortly:
   http://www.w3.org/QA/2009/07/hmac_truncation_in_xml_signatu.html

I don't yet see the vulnerability note at CERT online.

Thanks to RSA for the kind words here:
   http://www.rsa.com/blog/blog_entry.aspx?id=1492

Regards,
--
Thomas Roessler, W3C  <tlr@w3.org>
Received on Tuesday, 14 July 2009 18:40:34 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:43:59 GMT