
Re: How to deal with null references?

From: Thomas Roessler <tlr@w3.org>
Date: Tue, 11 May 2010 17:49:30 +0200
Cc: Thomas Roessler <tlr@w3.org>, "XMLSec WG Public List" <public-xmlsec@w3.org>
Message-Id: <00759E1B-42C1-4AC7-BDBC-9388B4984C3F@w3.org>
To: "Meiko Jensen" <Meiko.Jensen@ruhr-uni-bochum.de>
Isn't this another instance of the more general effect that one shouldn't trust anything -- except for what one gets out of, e.g., evaluating a particular xpath?

The real problem in the scenario you describe seems to be that neither side verifies that the xpath is what it's believed to be.
--
Thomas Roessler, W3C  <tlr@w3.org>  (@roessler)

On 11 May 2010, at 17:46, Meiko Jensen wrote:

> Within the discussion on the XPath referencing style I remembered an
> issue we came across lately:
> 
> If an XPath contains syntactical errors, this does not result in a
> visible error. It is only treated differently, and might just result in
> referencing no node in the actual XML document. If that is not
> considered as an error in the XML Signature specification, there is a
> threat of someone screwing it up without noticing. Even the verifier
> does not notice: nothing was referenced, so the digest is calculated
> over the empty nodeset, hence over "". As this was exactly the same
> input as at the signer side, hash values match => signature is valid.
> However, it protects nothing in the document from modification.
> 
> Hence, I recommend putting a sentence into XML Signature 2.0 stating that
> a reference to an empty nodeset MUST be treated as a fault.
> 
> best regards
> 
> Meiko
> 
> -- 
> Dipl.-Inf. Meiko Jensen
> Chair for Network and Data Security
> Horst Görtz Institute for IT-Security
> Ruhr University Bochum, Germany
> _____________________________
> Universitätsstr. 150, Geb. IC 4/150
> D-44780 Bochum, Germany
> Phone: +49 (0) 234 / 32-26796
> Telefax: +49 (0) 234 / 32-14347
> http://www.nds.rub.de

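A minimal model of the failure mode discussed above, added here as an example and not code from the thread or from any XML Signature implementation: a Reference is processed as select-by-path, canonicalize, digest. ElementTree's limited path subset and the stdlib C14N 2.0 serializer stand in for the XPath Filter transform and C14N 1.x (assumptions), the sample documents are constructed, and the `reject_empty` flag implements the proposed rule that an empty nodeset MUST be treated as a fault.

```python
import hashlib
import xml.etree.ElementTree as ET

# Constructed sample documents (not from the thread). Kept whitespace-free so
# element serialisation carries no tail text into the canonical form.
SIGNED_DOC = "<Order><Amount>100</Amount><Payee>alice</Payee></Order>"
TAMPERED_DOC = "<Order><Amount>9999</Amount><Payee>mallory</Payee></Order>"

# SHA-256 of "": the digest both sides compute when nothing is selected.
EMPTY_DIGEST = hashlib.sha256(b"").hexdigest()


class EmptyNodesetError(ValueError):
    """The Reference selected no nodes, so the signature would protect nothing."""


def digest_reference(xml_text, xpath, reject_empty):
    """Simplified Reference processing: select nodes, canonicalize, digest.

    ElementTree's findall() and stdlib C14N 2.0 stand in for the XPath Filter
    transform and C14N 1.x of XML-DSig (simplification). A mistyped path selects
    nothing and, unless rejected, yields the digest of "" on both sides.
    """
    root = ET.fromstring(xml_text)
    nodes = root.findall(xpath)
    if not nodes and reject_empty:
        raise EmptyNodesetError(f"reference {xpath!r} selected no nodes")
    canonical = "".join(
        ET.canonicalize(ET.tostring(node, encoding="unicode")) for node in nodes
    )
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def verifier_accepts(signed_doc, presented_doc, xpath, reject_empty=False):
    """True if a digest made over signed_doc still matches the presented document."""
    expected = digest_reference(signed_doc, xpath, reject_empty)
    return digest_reference(presented_doc, xpath, reject_empty) == expected


if __name__ == "__main__":
    # Correct path: tampering with Amount changes the digest and is caught.
    print("good path, tampered:", verifier_accepts(SIGNED_DOC, TAMPERED_DOC, "Amount"))
    # Typo in the path: both sides hash "", so the tampered document passes.
    print("typo path, tampered:", verifier_accepts(SIGNED_DOC, TAMPERED_DOC, "Amoutn"))
    # With the empty-nodeset check, the fault surfaces already at signing time.
    try:
        digest_reference(SIGNED_DOC, "Amoutn", reject_empty=True)
    except EmptyNodesetError as err:
        print("rejected:", err)
```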
Received on Tuesday, 11 May 2010 15:49:32 GMT