
RE: XMLDSIG proposal: enveloped signatures, xpath and here()

From: Joseph M. Reagle Jr. <reagle@w3.org>
Date: Tue, 25 Jul 2000 16:45:57 -0700
Message-Id: <3.0.5.32.20000725164557.019dadb0@localhost>
To: "John Boyer" <jboyer@PureEdge.com>
Cc: "Kevin Regan" <kevinr@valicert.com>, "TAMURA Kent" <kent@trl.ibm.co.jp>, <w3c-ietf-xmldsig@w3.org>, "Merlin Hughes" <merlin@baltimore.ie>
At 13:36 7/24/2000 -0700, John Boyer wrote:
 >The problem is that $signature-id is being set equal to the value of an
 >attribute that happens to be called 'id'.  Any number of elements could have
 >such an attribute, and all could use the same 'id' value as the signature in
 >order to have themselves omitted from the digest value computed over the
 >result of the XPath expression being evaluated.  Furthermore, having these
 >equivalent 'id' values is permissible under non-validating XML parsers and
 >also under validating parsers if the 'id' attribute is not actually of type
 >ID (and we have no way of knowing this).  Hence, security risk.
 
BTW: This is one of the reasons why I believe this schema/DTD validity
constraint must be enforced.


_________________________________________________________
Joseph Reagle Jr.   
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/People/Reagle/
Received on Tuesday, 25 July 2000 16:46:21 GMT
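
Added example, not part of the original message or of the XMLDSIG drafts: a pre-verification check in Python for the collision described in the quoted text, reporting any non-Signature element that carries the same 'id' value as a Signature. The namespace URI, the list of attribute names treated as identifiers, and the sample document are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Assumption: the XML-Signature namespace URI of the final Recommendation.
DSIG_NS = "http://www.w3.org/2000/09/xmldsig#"
SIG_TAG = f"{{{DSIG_NS}}}Signature"
# Assumption: without a DTD or schema we cannot know which attributes are of
# type ID, so every attribute with one of these names is treated as one.
ID_NAMES = ("id", "Id", "ID")


def id_of(elem):
    """Return the first identifier-like attribute value on elem, or None."""
    for name in ID_NAMES:
        if name in elem.attrib:
            return elem.attrib[name]
    return None


def find_id_collisions(xml_text):
    """Return (tag, id) pairs for non-Signature elements reusing a Signature id.

    An exclusion rule keyed only on the id value would drop these elements
    from the digest input together with the Signature itself.
    """
    root = ET.fromstring(xml_text)
    sig_ids = {id_of(e) for e in root.iter(SIG_TAG)} - {None}
    return [(e.tag, id_of(e)) for e in root.iter()
            if e.tag != SIG_TAG and id_of(e) in sig_ids]


# Constructed sample: an enveloped signature plus a second element that
# carries the same id value as the signature.
SAMPLE = f"""<Order>
  <Item id="item1">widget</Item>
  <Amount id="sig1">1000</Amount>
  <Signature xmlns="{DSIG_NS}" id="sig1"><SignatureValue/></Signature>
</Order>"""

if __name__ == "__main__":
    for tag, ident in find_id_collisions(SAMPLE):
        print(f"reject: <{tag}> shares id '{ident}' with the Signature")
```

A verifier would run this before evaluating the transform and refuse the document when the returned list is non-empty.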
