- From: Aleksey Sanin <aleksey@aleksey.com>
- Date: Sun, 19 Oct 2003 12:41:23 -0700
- To: Don Park <donpark@docuverse.com>
- Cc: w3c-ietf-xmldsig@w3.org
>IMHO, these issues are of little importance to Visa, issuers, and merchants
>because there are not enough incentives for them to correct these problems
>at this time. Why in the world would a merchant want to pull down their
>system for even ten minutes so XML experts can sleep at night?
>
>Yes, I am guilty of having a bad attitude. Maybe I got infected...
>
>
If you think that all possible code to support 3D Secure is already done
and nobody
working on this these days then you are wrong. Just search xmlsec
library mailing list
http://www.aleksey.com/pipermail/xmlsec/
and see how many guys run into this problem in the last couple months.
And as someone pointed
out, the security implications of this error are not clear.
Anyway, I think that Visa can invent *any* protocol they want. The only
problem I have is that
they state that this protocol is based on XML, XPath, XInclude, XML DSig
and so on. As we already
agreed, this is not the case. They just need to remove mention of XML
DSig from their papers and
everyone would be happy :)
Aleksey Sanin
XML Security Library <http://www.aleksey.com/xmlsec>
Received on Sunday, 19 October 2003 15:41:20 UTC