W3C home > Mailing lists > Public > public-xmlsec@w3.org > August 2010

Updated Signature 2.0 with minor edits

From: Pratik Datta <pratik.datta@oracle.com>
Date: Sun, 22 Aug 2010 08:29:20 -0700 (PDT)
Message-ID: <ccaab531-cfde-470f-8591-9eb0da1e337c@default>
To: XMLSec WG Public List <public-xmlsec@w3.org>
I made changes for the following actions



  I made a new reference [XMLDSIG-XPATH] which points to http://www.w3.org/TR/2010/WD-xmldsig-xpath/  (Note: this location does not resolve to anything till we publish it)



 I removed <DigestData> completely



I added this section.  See http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core-20/Overview.html#sec-Verification-2.0

<dsig2:PositionAssertion> is used to enable ID-based referencing that is more resistant to signature wrapping attacks. It contains an XPath expression that has to match the referenced content's position in the document. This way, instead of "selecting" the referenced element via XPath we just "verify" its position (which then is way more flexible in terms of what is really enforced), but stick to ID-based referencing in selection. The good thing about this approach is that implementations could simply ignore this verification assertion and rely solely on the ID-based referencing at the risk of being vulnerable to signature wrapping.



Received on Sunday, 22 August 2010 15:31:25 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:55:14 UTC