W3C home > Mailing lists > Public > xml-encryption@w3.org > April 2002

Re: EncryptionMethod in XMLEnc and SignatureMethod in XMLDSig

From: Aleksey Sanin <aleksey@aleksey.com>
Date: Fri, 05 Apr 2002 13:33:28 -0800
Message-ID: <3CAE1828.3060007@aleksey.com>
To: Blair Dillaway <blaird@microsoft.com>
CC: Tom Gindin <tgindin@us.ibm.com>, xml-encryption@w3.org
I still could not understand the algorithm substitution attack on XML DSig
if the SignatureMethod is ommited. The application expects that the 
signature
will be generated using algorithm A (this algorithm is is *hard coded* in
the application context). Suppose that someone generated signature using 
algorithm B.
If application successfully validates this signature using *hard coded* 
algorithm A
then IMHO it's the same as if an evil guy simply "guessed" the signature 
for
algorithm A. IMHO, this simply means that algorithm A is weak and must not
be used as signature algorithm at all (evil guy can guess signature 
*w/o* keys!!!)


Aleksey.

Blair Dillaway wrote:

>I agree with you. Alg substitution isn't a very useful attack on XML Enc
>or XML Sig with the algorithms defined in the spec.  If one used some
>other algorithms, then it might be an issue for Sig.  Though, one might
>question the wisdom of using a signature alg open to this type of
>attack.
>
>Blair
>
Received on Friday, 5 April 2002 16:34:16 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:32:03 UTC