
Another question (Signatures)

From: Berin Lautenbach <berin@wingsofhermes.org>
Date: Wed, 23 Jun 2004 21:05:23 +1000
Message-ID: <40D963F3.90504@wingsofhermes.org>
To: www-xkms@w3.org

Hey all,

Another obvious thought (I'm good at them :>).

I assume there is a requirement on implementations to ensure that the 
signature(s) in a message actually refer(s) to the XKMS content.  That's 
probably pretty obvious, but I can see some fairly trivial attacks 
against implementations that just check a signature is valid without 
ensuring that the reference actually refers to the XKMS message.

Is this something worth mentioning in the security section?

Cheers,
	Berin
Received on Wednesday, 23 June 2004 07:05:26 GMT
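
An added example, not part of the original message or of any XKMS implementation: one way to perform the binding check raised above, in Python. It assumes the signature has already been validated cryptographically by an XML-DSig library, that the XKMS message is the document root, and that the reference is a same-document "#Id" URI; the function name and the sample messages are constructed for illustration.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
XKMS = "http://www.w3.org/2002/03/xkms#"


def signature_covers_message(xml_text):
    """True only if the message's own ds:Signature references the message element.

    Assumption: cryptographic validation is done elsewhere; this is the extra
    step that ties a valid signature to the XKMS content it is meant to protect.
    """
    root = ET.fromstring(xml_text)
    if not root.tag.startswith("{%s}" % XKMS):
        return False
    msg_id = root.get("Id")
    if not msg_id:
        return False
    # The Id must be unique, otherwise "#Id" could resolve to another element.
    if sum(1 for e in root.iter() if e.get("Id") == msg_id) != 1:
        return False
    # Only a signature that is a direct child of the message is considered.
    sigs = root.findall("{%s}Signature" % DS)
    if len(sigs) != 1:
        return False
    refs = sigs[0].findall("{%s}SignedInfo/{%s}Reference" % (DS, DS))
    return "#" + msg_id in [r.get("URI") for r in refs]


def sample(ref_uri):
    """Constructed, simplified XKMS request (digest and signature values omitted)."""
    return (
        '<LocateRequest xmlns="%s" xmlns:ds="%s" Id="req1" '
        'Service="http://example.test/xkms">'
        '<ds:Signature><ds:SignedInfo><ds:Reference URI="%s"/></ds:SignedInfo>'
        '<ds:Object Id="other">unrelated data</ds:Object></ds:Signature>'
        '<QueryKeyBinding/></LocateRequest>'
    ) % (XKMS, DS, ref_uri)


if __name__ == "__main__":
    # Reference points at the XKMS message itself: accepted.
    print(signature_covers_message(sample("#req1")))
    # Signature may verify, but it covers an unrelated element: rejected.
    print(signature_covers_message(sample("#other")))
```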
