- From: Bruce Rich <brich@us.ibm.com>
- Date: Tue, 26 Aug 2008 07:34:24 -0500
- To: public-xmlsec@w3.org
- Message-ID: <OF2111E537.C209A92A-ON862574B1.0043763A-862574B1.00451263@us.ibm.com>
Sean, I am in sympathy with your approach. However, the processing order you suggest below (which may be correct for performance) is contrary to that which is recommended for Best Practice #1 ( http://www.w3.org/2007/xmlsec/Drafts/xmldsig-bestpractices/#denial-of-service ). It may be too early to consider that dimension as well, but at some point we will need to think about mitigation of risk in a highly-performant profile. It may be that we can sidestep the issue by excluding from the profile the type of interactions that drove the best-practices recommendation.

Bruce A Rich
brich at-sign us dot ibm dot com

Sean Mullan wrote on 08/21/2008 12:22:49 PM:

>
> It also occurred to me that many of these minimal processing and
> verification issues could be solved if the xml signature was always
> stored in a separate xml document, and somehow safely associated or
> packaged with what it is signing (like a zip file). Then a validator
> could first parse/verify the signature, authenticate the signer, and
> then validate the reference digests in the document(s) in a streaming
> manner. Has anyone thought about that and making this a requirement for
> a minimal profile?
>
Received on Tuesday, 26 August 2008 12:35:12 UTC
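The processing order Sean describes in the quoted message (parse the detached signature, verify SignatureValue over SignedInfo to authenticate the signer, and only then dereference each Reference and check its digest in a streaming fashion) as an added example. This is editor-written illustration code, not code from the thread or from any W3C or IBM implementation, and it makes three assumptions that are not in the original mail: signer authentication is a shared-key HMAC-SHA256 (the xmldsig-more#hmac-sha256 algorithm) rather than a public-key signature; the SignedInfo element is already in its canonical form, so the bytes between the SignedInfo tags are what gets signed and no CanonicalizationMethod is applied; and referenced documents are looked up by URI in an in-memory dict standing in for the zip-style package. The `CountingPackage` helper exists only so the test can show that a bad signature is rejected before any Reference is touched.

```python
"""Detached XML signature validation in the order: authenticate signer first,
dereference References second.  Added example with constructed inputs."""
import base64
import hashlib
import hmac
import re
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
C14N = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
HMAC_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"
SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"
CHUNK = 4096  # streaming digest block size


class SignatureError(Exception):
    pass


class CountingPackage(dict):
    """Package that records how many documents were dereferenced (for the test)."""

    def __init__(self, *a, **kw):
        super().__init__(*a, **kw)
        self.reads = 0

    def __getitem__(self, uri):
        self.reads += 1
        return super().__getitem__(uri)


def signed_info_bytes(signature_xml: bytes) -> bytes:
    """The SignedInfo element as serialized; assumed already canonical (no C14N here)."""
    m = re.search(rb"<ds:SignedInfo>.*?</ds:SignedInfo>", signature_xml, re.S)
    if not m:
        raise SignatureError("no SignedInfo")
    return m.group(0)


def verify_signed_info(signature_xml: bytes, key: bytes) -> ET.Element:
    """Step 1: authenticate the signer before touching any Reference."""
    root = ET.fromstring(signature_xml)
    si = root.find(f"{{{DS}}}SignedInfo")
    method = si.find(f"{{{DS}}}SignatureMethod").get("Algorithm")
    if method != HMAC_SHA256:
        raise SignatureError(f"unsupported SignatureMethod {method}")
    sig_value = base64.b64decode(root.find(f"{{{DS}}}SignatureValue").text.strip())
    expected = hmac.new(key, signed_info_bytes(signature_xml), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig_value):
        raise SignatureError("SignatureValue does not verify; references not dereferenced")
    return si


def stream_digest(chunks, algorithm: str) -> bytes:
    """Digest a document chunk by chunk, never holding the whole thing."""
    if algorithm != SHA256:
        raise SignatureError(f"unsupported DigestMethod {algorithm}")
    h = hashlib.sha256()
    for chunk in chunks:
        h.update(chunk)
    return h.digest()


def chunked(data: bytes, size: int = CHUNK):
    for i in range(0, len(data), size):
        yield data[i:i + size]


def validate(signature_xml: bytes, package: dict, key: bytes) -> list:
    """Safe-order validation; returns the URIs whose digests matched."""
    si = verify_signed_info(signature_xml, key)      # authenticate signer
    ok = []
    for ref in si.findall(f"{{{DS}}}Reference"):      # only now dereference
        uri = ref.get("URI")
        try:
            data = package[uri]
        except KeyError:
            raise SignatureError(f"cannot dereference {uri}")
        dm = ref.find(f"{{{DS}}}DigestMethod").get("Algorithm")
        expected = base64.b64decode(ref.find(f"{{{DS}}}DigestValue").text.strip())
        if not hmac.compare_digest(stream_digest(chunked(data), dm), expected):
            raise SignatureError(f"digest mismatch for {uri}")
        ok.append(uri)
    return ok


def build_signature(package: dict, key: bytes) -> bytes:
    """Signer side: digest each document, then HMAC the (canonical) SignedInfo."""
    refs = "".join(
        f'<ds:Reference URI="{uri}"><ds:DigestMethod Algorithm="{SHA256}"/>'
        f"<ds:DigestValue>{base64.b64encode(hashlib.sha256(data).digest()).decode()}"
        f"</ds:DigestValue></ds:Reference>"
        for uri, data in package.items()
    )
    signed_info = (
        f'<ds:SignedInfo><ds:CanonicalizationMethod Algorithm="{C14N}"/>'
        f'<ds:SignatureMethod Algorithm="{HMAC_SHA256}"/>{refs}</ds:SignedInfo>'
    ).encode()
    sig = base64.b64encode(hmac.new(key, signed_info, hashlib.sha256).digest()).decode()
    return (f'<ds:Signature xmlns:ds="{DS}">'.encode() + signed_info
            + f"<ds:SignatureValue>{sig}</ds:SignatureValue></ds:Signature>".encode())


KEY = b"demo-shared-key"  # constructed for the example
PACKAGE = {               # constructed documents standing in for the zip bundle
    "doc1.xml": b"<order><item>widget</item><qty>3</qty></order>",
    "doc2.xml": b"<invoice><total>42.00</total></invoice>" * 200,
}

if __name__ == "__main__":
    sig = build_signature(PACKAGE, KEY)
    print("verified:", validate(sig, PACKAGE, KEY))
    tampered = dict(PACKAGE, **{"doc1.xml": b"<order><qty>30</qty></order>"})
    try:
        validate(sig, tampered, KEY)
    except SignatureError as e:
        print("rejected:", e)
```

The point the order buys you is in `validate`: a forged or corrupted SignatureValue fails in `verify_signed_info` before a single URI is resolved or a single transform would run, which is the mitigation Best Practice #1 is after. A real validator replaces `signed_info_bytes` with the declared CanonicalizationMethod and `verify_signed_info` with key selection plus the RSA/ECDSA check; the ordering does not change.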