W3C home > Mailing lists > Public > xml-encryption@w3.org > April 2002

Re: EncryptionMethod in XMLEnc and SignatureMethod in XMLDSig

From: Karel Wouters <Karel.Wouters@esat.kuleuven.ac.be>
Date: Tue, 2 Apr 2002 16:00:17 +0200 (CEST)
To: Aleksey Sanin <aleksey@aleksey.com>
cc: xml-encryption@w3.org
Message-ID: <Pine.LNX.4.44.0204021539370.801-100000@weierstrass.esat.kuleuven.ac.be>
Hi,

I think that SignatureMethod in ds:SignedInfo should be present in
each signature, because it restricts the attacker:
If I leave out SignatureMethod, the attacker might be able to come up with
a weaker SignatureMethod, tamper with the references and claim that the
signature was produced with this method.
RSA with a weak hash algorithm would suffice.
(actually, he might produce 'any' signature if the hash function is weak
enough)

So specifying the SignatureMethod ensures the verifier that this signature
is generated with a solid technique.

(mailinglist, correct me if I'm wrong)

Karel.

On Mon, 1 Apr 2002, Aleksey Sanin wrote:

> Sorry for mistype, actually Imeant SignatureMethod in XMLDSig:
>
> A minor issue but probably it's worth to fix it: the EncryptionMethod
> in XMLEncryption and SignatureMethod in XMLDSig both have the same meaning:
> algorithm selection. However, EncryptionMethod is *optional* element and
> SignatureMethod is *required*. From my point of view it is inconsistent.
> Either both should be required or both should be optional. I would prefer
> the second (both optional) since application can have this
> information from the context.
>
>
> Aleksey Sanin <aleksey@aleksey.com>
> http://www.aleksey.com/xmlsec
>
>
Received on Tuesday, 2 April 2002 07:57:22 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:32:03 UTC