At 13:36 7/24/2000 -0700, John Boyer wrote:
>The problem is that $signature-id is being set equal to the value of an
>attribute that happens to be called 'id'. Any number of elements could have
>such an attribute, and all could use the same 'id' value as the signature in
>order to have themselves omitted from the digest value computed over the
>result of the XPath expression being evaluated. Furthermore, having these
>equivalent 'id' values is permissible under non-validating XML parsers and
>also under validating parsers if the 'id' attribute is not actually of type
>ID (and we have no way of knowing this). Hence, security risk.

BTW: This is one of the reasons why I believe this schema/DTD validity constraint must be enforced.

_________________________________________________________
Joseph Reagle Jr.
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/People/Reagle/

Received on Tuesday, 25 July 2000 16:46:21 GMT
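
The duplicate-'id' problem discussed in this message, as an added example that is not part of the original email: two documents yield the same digest under an exclusion keyed on an attribute named 'id', and a verifier-side uniqueness check tells them apart. The element names, the use of SHA-256, and ElementTree serialization standing in for canonicalization are assumptions.

```python
import hashlib
import xml.etree.ElementTree as ET

# Constructed sample documents; element names and contents are illustrative.
SIGNED = ('<doc><item>value A</item>'
          '<Signature id="sig1">placeholder</Signature></doc>')
ALTERED = ('<doc><item>value A</item><item id="sig1">value B</item>'
           '<Signature id="sig1">placeholder</Signature></doc>')


def digest_excluding_id(xml_text, signature_id):
    """Digest the document after dropping every element whose 'id'
    attribute equals signature_id (the attribute-name-based exclusion)."""
    # ElementTree is non-validating, so duplicate 'id' values parse cleanly.
    root = ET.fromstring(xml_text)
    for parent in list(root.iter()):
        for child in list(parent):
            if child.get("id") == signature_id:
                parent.remove(child)
    # Plain serialization is a stand-in for real canonicalization.
    return hashlib.sha256(ET.tostring(root)).hexdigest()


def elements_with_id(xml_text, signature_id):
    """Return the tags of all elements carrying id == signature_id."""
    root = ET.fromstring(xml_text)
    return [el.tag for el in root.iter() if el.get("id") == signature_id]


def id_is_unique(xml_text, signature_id):
    """Verifier-side check: exactly one element may carry the signature's id."""
    return len(elements_with_id(xml_text, signature_id)) == 1


if __name__ == "__main__":
    same = digest_excluding_id(SIGNED, "sig1") == digest_excluding_id(ALTERED, "sig1")
    print("digests equal under id-based exclusion:", same)
    print("SIGNED passes uniqueness check:", id_is_unique(SIGNED, "sig1"))
    print("ALTERED passes uniqueness check:", id_is_unique(ALTERED, "sig1"))
```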