W3C home > Mailing lists > Public > www-xkms@w3.org > June 2004

Another question (Signatures)

From: Berin Lautenbach <berin@wingsofhermes.org>
Date: Wed, 23 Jun 2004 21:05:23 +1000
Message-ID: <40D963F3.90504@wingsofhermes.org>
To: www-xkms@w3.org

Hey all,

Another obvious thought (I'm good at them :>).

I assume there is a requirement on implementations to ensure that the 
signature(s) in a message actually refer(s) to the XKMS content.  That's 
probably pretty obvious, but I can see some fairly trivial attacks 
against implementations that just check a signature is valid without 
ensuring that the reference actualy refers to the XKMS message.

Is this something worth mentioning in the security section?

Received on Wednesday, 23 June 2004 07:05:26 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:31:42 UTC