W3C home > Mailing lists > Public > xml-dist-app@w3.org > February 2002

Re: Proposal for resolution of issue 176

From: Rich Salz <rsalz@zolera.com>
Date: Mon, 11 Feb 2002 22:21:31 -0500
Message-ID: <3C688A3B.180E9F4@zolera.com>
To: Christopher Ferris <chris.ferris@sun.com>
CC: Henrik Frystyk Nielsen <henrikn@microsoft.com>, Noah Mendelsohn <noah_mendelsohn@us.ibm.com>, xml-dist-app@w3.org
Chris, your note starts to bring up the subtleties involved in signing
SOAP messages. Since intermediaries can add or remove header elements,
how can I as a sender sign message to be robust in the face of buggy or
malicious intermediaries who might add header elements with the same
QNAME as I originally signed? I think we need to define an ID attribute,
just like soap-enc.  Is there another approach I've missed?

Perhaps more importantly, if intermediate rewrites make it unrealistic
to sign an entire message, but I instead must enumerate the applicable
elements, then I can't use XML C14N (because an adversary might change
namespace decls, as you pointed out), but must instead using exclusive
canonicalization, which just finished Last Call.
	/r$

-- 
Zolera Systems, Securing web services (XML, SOAP, Signatures,
Encryption)
http://www.zolera.com
Received on Monday, 11 February 2002 22:40:11 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:59:06 GMT