Blair,

Small tweak in my example (one <EncryptedData/> element and two <EncryptedKey /> elements pointing to each other) breaks the check you've described. I agree with you that there is no way to prevent a DoS attack. However, it is possible to make the "bad guys'" life harder :) I don't suggest changing the XML Encryption design, but I do think that a warning about a possible problem is a good idea.

Aleksey

Blair Dillaway wrote:

>In your example, the RetrievalMethod indicates you are to retrieve an
>EncryptedKey. Shouldn't your code immediately error when it finds the
>target of the URI is an EncryptedData?
>
>In any event, we had a fairly long discussion on DoS issues when this
>activity started and realized there is no way to prevent them and also
>meet our goal of creating a general purpose and flexible system. It's
>fairly easy to construct examples that will cause a recipient to very
>deeply recurse (possibly infinite) looking for a decryption key. I
>suppose one could support an application defined recursion limit to try
>and bound this problem, but addressing DoS attacks was not a goal of the
>WG.
>
>Blair

Received on Thursday, 11 April 2002 13:09:18 GMT
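The checks discussed in this thread (rejecting a RetrievalMethod target that is not an EncryptedKey, bounding the chain with an application-defined limit) plus cycle detection, as an added example that is not part of the original messages. The function name, the `MAX_DEPTH` value, the sample document and the restriction to same-document `#id` references are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
ENC = "http://www.w3.org/2001/04/xmlenc#"
MAX_DEPTH = 8  # application-defined limit (assumed value)

class KeyResolutionError(Exception):
    """Raised when a key reference chain is rejected."""

# Constructed sample: one EncryptedData and two EncryptedKey elements whose
# RetrievalMethod references point at each other, as described in the thread.
CYCLIC_DOC = f"""
<doc xmlns:ds="{DS}" xmlns:enc="{ENC}">
  <enc:EncryptedData Id="data">
    <ds:KeyInfo><ds:RetrievalMethod URI="#k1" Type="{ENC}EncryptedKey"/></ds:KeyInfo>
  </enc:EncryptedData>
  <enc:EncryptedKey Id="k1">
    <ds:KeyInfo><ds:RetrievalMethod URI="#k2" Type="{ENC}EncryptedKey"/></ds:KeyInfo>
  </enc:EncryptedKey>
  <enc:EncryptedKey Id="k2">
    <ds:KeyInfo><ds:RetrievalMethod URI="#k1" Type="{ENC}EncryptedKey"/></ds:KeyInfo>
  </enc:EncryptedKey>
</doc>"""

def resolve_key_chain(xml_text, start_id, max_depth=MAX_DEPTH):
    """Follow RetrievalMethod links from start_id; return the Ids visited."""
    root = ET.fromstring(xml_text)
    by_id = {el.get("Id"): el for el in root.iter() if el.get("Id")}
    chain, current = [start_id], by_id[start_id]
    while True:
        rm = current.find(f"{{{DS}}}KeyInfo/{{{DS}}}RetrievalMethod")
        if rm is None:
            return chain  # reached an element with no further indirection
        target_id = rm.get("URI", "").lstrip("#")
        target = by_id.get(target_id)
        if target is None:
            raise KeyResolutionError(f"dangling reference #{target_id}")
        if target.tag != f"{{{ENC}}}EncryptedKey":  # the type check from the quoted reply
            raise KeyResolutionError(f"#{target_id} is not an EncryptedKey")
        if target_id in chain:  # catches EncryptedKey elements that reference each other
            raise KeyResolutionError(f"reference cycle at #{target_id}")
        if len(chain) > max_depth:  # bounds long acyclic chains as well
            raise KeyResolutionError("key reference chain too deep")
        chain.append(target_id)
        current = target
```
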