
Re: EncryptionMethod in XMLEnc and SignatureMethod in XMLDSig

From: Aleksey Sanin <aleksey@aleksey.com>
Date: Tue, 02 Apr 2002 08:53:48 -0800
Message-ID: <3CA9E21C.3090401@aleksey.com>
To: Karel Wouters <Karel.Wouters@esat.kuleuven.ac.be>
Cc: xml-encryption@w3.org

I am not sure I got your point about replacing the SignatureMethod with a weaker version.
If the application has algorithm A in the context then it will verify the message using
this algorithm A. The attacker *could not* change it. If the algorithm A is weak then
the application has a problem in both cases (SignatureMethod specified or not).


Karel Wouters wrote:

>I think that SignatureMethod in ds:SignedInfo should be present in
>each signature, because it restricts the attacker:
>If I leave out SignatureMethod, the attacker might be able to come up with
>a weaker SignatureMethod, tamper with the references and claim that the
>signature was produced with this method.
>RSA with a weak hash algorithm would suffice.
>(actually, he might produce 'any' signature if the hash function is weak)
>So specifying the SignatureMethod ensures the verifier that this signature
>is generated with a solid technique.
>(mailing list, correct me if I'm wrong)
Received on Tuesday, 2 April 2002 11:49:53 UTC
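
The distinction discussed in this message, as an added example that is not part of the original thread: a verifier that takes algorithm A from its own context gives the same answer whether SignatureMethod is present, omitted or altered, while a verifier that lets the message choose does not. Assumptions: HMAC from the Python standard library stands in for the RSA signature methods mentioned, the short method names replace XMLDSig algorithm URIs, and all function names are hypothetical.

```python
import hashlib
import hmac

# Constructed method names; real XMLDSig identifies algorithms by URI.
DIGESTS = {"hmac-sha256": hashlib.sha256, "hmac-sha1": hashlib.sha1}


class AlgorithmMismatch(Exception):
    """The message declares a method other than the one pinned in context."""


def sign(key: bytes, signed_info: bytes, method: str) -> bytes:
    return hmac.new(key, signed_info, DIGESTS[method]).digest()


def verify_pinned(key, signed_info, signature, pinned, declared=None):
    """Verify with the algorithm from the application's context only.

    `declared` is the message's SignatureMethod (None when omitted). It is
    compared against `pinned` but never used to select the algorithm.
    """
    if declared is not None and declared != pinned:
        raise AlgorithmMismatch(f"declared {declared!r}, context requires {pinned!r}")
    return hmac.compare_digest(sign(key, signed_info, pinned), signature)


def verify_trusting_message(key, signed_info, signature, declared):
    """Contrast case: the message picks the algorithm, so a substituted
    SignatureMethod moves verification to whatever the table still supports."""
    if declared not in DIGESTS:
        raise ValueError(f"unsupported method {declared!r}")
    return hmac.compare_digest(sign(key, signed_info, declared), signature)


if __name__ == "__main__":
    key = b"constructed-demo-key"
    info = b"<SignedInfo>constructed sample</SignedInfo>"
    sig_a = sign(key, info, "hmac-sha256")   # algorithm A, the pinned one
    sig_b = sign(key, info, "hmac-sha1")     # stand-in for a weaker method
    print(verify_pinned(key, info, sig_a, "hmac-sha256"))            # method omitted
    print(verify_pinned(key, info, sig_b, "hmac-sha256"))            # wrong algorithm
    print(verify_trusting_message(key, info, sig_b, "hmac-sha1"))    # message decides
```
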
