W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > October to December 2003

Re: How much XML Signature is mature?

From: Aleksey Sanin <aleksey@aleksey.com>
Date: Sat, 18 Oct 2003 22:18:29 -0700
Message-ID: <3F921EA5.40306@aleksey.com>
To: Don Park <donpark@docuverse.com>
Cc: 'Rich Salz' <rsalz@datapower.com>, gino.tesei@ekar.it, w3c-ietf-xmldsig@w3.org 


>I think that is just a bug in the 3D-Secure DTD which was pulled out of the
>spec before it was published.  
>
It was not pulled out. It's in the current official spec you can 
download from Visa's website.
Moreover, I know that several people (including myself) contacted Visa 
guys about this
problem but the response basically was "we don't care".

>As to why anyone would generate invalid ID, I have no idea.
>  
>
I haven't seen the code that does this but I bet that it generates N 
random bytes, base64 encodes
them and result string is called "ID attribute". Of course, such strings 
could not be used as ID
attributes (may start with number, may contain '+', etc.).


Aleksey Sanin
XML Security Library  <http://www.aleksey.com/xmlsec>
Received on Sunday, 19 October 2003 01:18:35 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:17 GMT