On Friday 05 April 2002 21:37, Aleksey Sanin wrote:
> Exactly! Algorithm substitution attack as you are describing it is
> *exactly* the same as general attack "find signature for
> algorithm+document without key".

I'm not sure to what degree this conversation is an interesting discussion of what is a substitution attack versus an outstanding objection to the element being optional. I think we're in interesting discussion territory and have noted the issue closed, "Reagle: agree it is inconsistent, but no harm done and no consensus to change." [1] If this is not correct, please let me know.

[1] http://www.w3.org/Encryption/2001/11/last-call-issues#CandidateREC

--
Joseph Reagle Jr.                 http://www.w3.org/People/Reagle/
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/Signature/
W3C XML Encryption Chair          http://www.w3.org/Encryption/2001/

Received on Monday, 8 April 2002 18:04:00 GMT