W3C home > Mailing lists > Public > public-xmlsec@w3.org > July 2009

HMAC erratum posted (VU#466161)

From: Thomas Roessler <tlr@w3.org>
Date: Tue, 14 Jul 2009 20:40:24 +0200
Message-Id: <2FE05908-B5E7-4348-ADFF-BD182754AE27@w3.org>
To: "public-xmlsec@w3.org Public List" <public-xmlsec@w3.org>
Hello,

we've just posted the proposed correction to XML Signature:
   http://www.w3.org/2008/06/xmldsigcore-errata.html#e03

Home page news:
   http://www.w3.org/News/2009#item128

A blog item will be available here shortly:
   http://www.w3.org/QA/2009/07/hmac_truncation_in_xml_signatu.html

I don't yet see the vulnerability note at CERT online.

Thanks to RSA for the kind words here:
   http://www.rsa.com/blog/blog_entry.aspx?id=1492

Regards,
--
Thomas Roessler, W3C  <tlr@w3.org>
Received on Tuesday, 14 July 2009 18:40:34 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:55:11 UTC