W3C home > Mailing lists > Public > public-xmlsec@w3.org > April 2011

My Action-716

From: Meiko Jensen <Meiko.Jensen@ruhr-uni-bochum.de>
Date: 6 Apr 2011 09:44:45 +0200
Message-ID: <4D9C19ED.8050101@ruhr-uni-bochum.de>
To: "XMLSec WG Public List" <public-xmlsec@w3.org>
I've revisited the Best Practices document regarding additional wording
about the correct use of XPath to counter signature wrapping threats. I
came to the conclusion that though there's a lot more of "good advice"
you could give here, it always strongly depends on your particular
application context. Hence, giving advice that works in most cases but
will even worsen the situation for the remaining few cases is a bad
idea. All other best practices we have are rather tautologic, so I'd
suggest to keep the document as is and close Action-716.

best regards

Meiko

-- 
Dipl.-Inf. Meiko Jensen
Chair for Network and Data Security 
Horst Görtz Institute for IT-Security 
Ruhr University Bochum, Germany
_____________________________
Universitätsstr. 150, Geb. ID 2/411
D-44801 Bochum, Germany
Phone: +49 (0) 234 / 32-26796
Telefax: +49 (0) 234 / 32-14347
http:// www.nds.rub.de
Received on Wednesday, 6 April 2011 07:45:10 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 6 April 2011 07:45:11 GMT