RE: Omitting Location and Transforms from SignedInfo

From: Greg Whitehead <gwhitehead@signio.com>
Date: Thu, 11 Nov 1999 17:53:55 -0800
Message-ID: <6B962A1EE646D31193270008C7A4BAB5381E9E@mail.paymentnet.com>
To: DSig Group <w3c-ietf-xmldsig@w3.org>

> I was unimpressed by the reaction at the IETF meeting to the need to
> omit Location and Transforms from the SignedInfo. Unimpressed because
> the opinions seemed to be based on fear, either of complicating matters
> or of creating security problems.  I would prefer reasons grounded in
> fact rather than fears.

I just thought of a concrete example:

SignatureMethod is included in SignedInfo to protect against a downgrade
attack, should one of the currently approved signature methods be broken.

Allowing arbitrary transformation of SignedInfo could potentially defeat
this protection by allowing an attacker to introduce a transformation that
substitutes in a broken SignatureMethod along with a reference to a modified
object and other changes (exploiting the broken signature method to produce
the original SignatureValue over the modified SignedInfo).

-Greg
Received on Thursday, 11 November 1999 20:53:57 GMT
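
A toy model of the scenario in the message above, added here as an illustration and not part of the original post or of any XML-DSig implementation: a verifier that applies an unsigned transform to SignedInfo is shown beside one that verifies the bytes as received and accepts only approved methods. Everything in it is an assumption made for the example: HMAC stands in for the signer's private-key operation, `xor_fold` is a constructed stand-in for a broken method, and the `method=...;ref=...;pad=` layout and all function names are hypothetical.

```python
import hashlib, hmac

KEY = b"constructed-demo-key"  # HMAC stands in for the private-key operation

def xor_fold(data: bytes) -> bytes:
    """Constructed stand-in for a broken digest: XOR of 32-byte blocks."""
    data += b"\0" * (-len(data) % 32)
    out = bytes(32)
    for i in range(0, len(data), 32):
        out = bytes(a ^ b for a, b in zip(out, data[i:i + 32]))
    return out

DIGESTS = {b"strong": lambda d: hashlib.sha256(d).digest(), b"toy-weak": xor_fold}

def parse(signed_info: bytes):
    """Toy SignedInfo layout: method=<m>;ref=<r>;pad=<bytes>"""
    method, ref, _pad = signed_info.split(b";", 2)
    return method.split(b"=", 1)[1], ref.split(b"=", 1)[1]

def sign(signed_info: bytes) -> bytes:
    method, _ref = parse(signed_info)
    return hmac.new(KEY, DIGESTS[method](signed_info), "sha256").digest()

def check(signed_info: bytes, sig: bytes, allowed) -> bool:
    method, _ref = parse(signed_info)  # method comes from the bytes being verified
    return method in allowed and hmac.compare_digest(sign(signed_info), sig)

def lax_verify(signed_info, sig, transform=None):
    """Applies an unsigned transform to SignedInfo and still accepts toy-weak."""
    if transform is not None:
        signed_info = transform(signed_info)
    return check(signed_info, sig, allowed=set(DIGESTS))

def strict_verify(signed_info, sig, transform=None):
    """Verifies the bytes as received: no SignedInfo transform, approved methods only."""
    return transform is None and check(signed_info, sig, allowed={b"strong"})

def substituting_transform(original: bytes):
    """Constructed test input: a rewritten SignedInfo whose toy-weak digest
    equals the SHA-256 digest the original SignatureValue was computed over."""
    target = hashlib.sha256(original).digest()
    head = b"method=toy-weak;ref=modified.xml;pad="
    head += b"\0" * (-len(head) % 32)
    fix = bytes(a ^ b for a, b in zip(xor_fold(head), target))
    return lambda _signed_info: head + fix

ORIGINAL = b"method=strong;ref=original.xml;pad="  # constructed sample SignedInfo
SIG = sign(ORIGINAL)                               # the original SignatureValue
```

In this model `strict_verify` also rejects the rewritten SignedInfo when it is presented directly, and it does so only because `toy-weak` is no longer on its approved list.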