W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > July to September 2000

RE: XMLDSIG proposal: enveloped signatures, xpath and here()

From: Joseph M. Reagle Jr. <reagle@w3.org>
Date: Tue, 25 Jul 2000 16:45:57 -0700
Message-Id: <>
To: "John Boyer" <jboyer@PureEdge.com>
Cc: "Kevin Regan" <kevinr@valicert.com>, "TAMURA Kent" <kent@trl.ibm.co.jp>, <w3c-ietf-xmldsig@w3.org>, "Merlin Hughes" <merlin@baltimore.ie>
At 13:36 7/24/2000 -0700, John Boyer wrote:
 >The problem is that $signature-id is being set equal to the value of an
 >attribute that happens to be called 'id'.  Any number of elements could
 >such an attribute, and all could use the same 'id' value as the signature
 >order to have themselves omitted from the digest value computed over the
 >result of the XPath expression being evaluated.  Furthermore, having these
 >equivalent 'id' values is permissible under non-validating XML parsers and
 >also under validating parsers if the 'id' attribute is not actually of type
 >ID (and we have no way of knowing this).  Hence, security risk.
BTW: This is one of the reaons why I believe this schema/DTD validity
constraint must be enforced.

Joseph Reagle Jr.   
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/People/Reagle/
Received on Tuesday, 25 July 2000 16:46:21 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:21:34 UTC