On Thursday 11 April 2002 13:08, Aleksey Sanin wrote:
> I don't suggest
> to change the XML Encryption design but I do think that a warning
> about possible problem is a good idea.

http://www.w3.org/Encryption/2001/Drafts/xmlenc-core/#sec-Denial
$Revision: 1.181 $ on $Date: 2002/04/12 20:42:15 $ GMT

[[
6.4 Denial of Service

This specification permits recursive processing. For example, the following scenario is possible: EncryptedKey A requires EncryptedKey B to be decrypted, which itself requires EncryptedKey A! Or, an attacker might submit an EncryptedData for decryption that references network resources that are very large or continually redirected. Consequently, applications should be able to identify such attacks and restrict arbitrary recursion and the total amount of processing and networking resources a request can consume.
]]

Received on Friday, 12 April 2002 16:54:44 GMT
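
An added example, not part of the original message or of the specification: one way an application could apply the restriction that section 6.4 asks for, by walking the EncryptedKey reference chain before decrypting anything and rejecting cycles, over-deep chains and references that leave the document. It assumes the keys refer to each other through same-document ds:RetrievalMethod URIs; the names key_chain, KeyChainError, sample and MAX_DEPTH are hypothetical, and the sample documents are constructed.

```python
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
DS = "http://www.w3.org/2000/09/xmldsig#"
MAX_DEPTH = 4  # assumed policy limit, not a value from the specification

class KeyChainError(Exception):
    """Raised when a key reference chain is rejected by policy."""

def key_chain(doc_xml, start_id, max_depth=MAX_DEPTH):
    """Return the EncryptedKey Ids to decrypt, outermost first, or raise."""
    # Untrusted input should go through a hardened XML parser first.
    root = ET.fromstring(doc_xml)
    keys = {k.get("Id"): k for k in root.iter(f"{{{XENC}}}EncryptedKey")}
    chain, seen, current = [], set(), start_id
    while current is not None:
        if current in seen:  # A needs B, B needs A
            raise KeyChainError("cycle: " + " -> ".join(chain + [current]))
        if len(chain) >= max_depth:
            raise KeyChainError(f"chain deeper than {max_depth}")
        if current not in keys:
            raise KeyChainError(f"unknown EncryptedKey {current!r}")
        seen.add(current)
        chain.append(current)
        ref = keys[current].find(f"{{{DS}}}KeyInfo/{{{DS}}}RetrievalMethod")
        if ref is None:
            current = None  # end of chain: key is identified out of band
        else:
            uri = ref.get("URI", "")
            if not uri.startswith("#"):  # never fetch network resources here
                raise KeyChainError(f"external reference refused: {uri}")
            current = uri[1:]
    return chain

def sample(links):
    """Build a constructed document from {Id: referenced URI or None}."""
    keys = "".join(
        f'<xenc:EncryptedKey Id="{i}"><ds:KeyInfo>'
        + (f'<ds:RetrievalMethod URI="{u}"/>' if u else "<ds:KeyName>kek</ds:KeyName>")
        + "</ds:KeyInfo></xenc:EncryptedKey>"
        for i, u in links.items())
    return f'<doc xmlns:xenc="{XENC}" xmlns:ds="{DS}">{keys}</doc>'

CYCLIC = sample({"A": "#B", "B": "#A"})            # the scenario in 6.4
LINEAR = sample({"A": "#B", "B": None})            # legitimate two-step chain
EXTERNAL = sample({"A": "http://example.invalid/huge"})

if __name__ == "__main__":
    print(key_chain(LINEAR, "A"))
```

The check runs on the reference structure only, so a rejected request costs one parse and no decryption or network work.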