- From: Meiko Jensen <Meiko.Jensen@ruhr-uni-bochum.de>
- Date: 6 Apr 2011 09:44:45 +0200
- To: "XMLSec WG Public List" <public-xmlsec@w3.org>
I've revisited the Best Practices document regarding additional wording about the correct use of XPath to counter signature wrapping threats. I came to the conclusion that though there's a lot more of "good advice" you could give here, it always strongly depends on your particular application context. Hence, giving advice that works in most cases but will even worsen the situation for the remaining few cases is a bad idea. All other best practices we have are rather tautologic, so I'd suggest to keep the document as is and close Action-716. best regards Meiko -- Dipl.-Inf. Meiko Jensen Chair for Network and Data Security Horst Görtz Institute for IT-Security Ruhr University Bochum, Germany _____________________________ Universitätsstr. 150, Geb. ID 2/411 D-44801 Bochum, Germany Phone: +49 (0) 234 / 32-26796 Telefax: +49 (0) 234 / 32-14347 http:// www.nds.rub.de
Received on Wednesday, 6 April 2011 07:45:10 UTC