- From: Sean Mullan <Sean.Mullan@Sun.COM>
- Date: Tue, 26 Aug 2008 09:19:27 -0400
- To: Bruce Rich <brich@us.ibm.com>
- Cc: public-xmlsec@w3.org

Actually, my approach would be consistent with best practice #1. The detached signature is validated first and then the references are validated.

--Sean

Bruce Rich wrote:
>
> Sean,
>
> I am in sympathy with your approach. However, the processing order you
> suggest below (which may be correct for performance)
> is contrary to that which is recommended for Best Practice #1
> (http://www.w3.org/2007/xmlsec/Drafts/xmldsig-bestpractices/#denial-of-service).
>
> It may be too early to consider that dimension as well, but at some
> point we will need to think about mitigation of risk in a
> highly-performant profile.
> It may be that we can sidestep the issue by excluding from the profile
> the type of interactions that drove the best-practices recommendation.
>
> Bruce A Rich
> brich at-sign us dot ibm dot com
>
>
> Sean Mullan wrote on 08/21/2008 12:22:49 PM:
>
> >
> > It also occurred to me that many of these minimal processing and
> > verification issues could be solved if the xml signature was always
> > stored in a separate xml document, and somehow safely associated or
> > packaged with what it is signing (like a zip file). Then a validator
> > could first parse/verify the signature, authenticate the signer, and
> > then validate the reference digests in the document(s) in a streaming
> > manner. Has anyone thought about that and making this a requirement for
> > a minimal profile?
> >

Received on Tuesday, 26 August 2008 13:20:23 UTC
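
The processing order discussed in this thread (verify the detached signature and authenticate the signer first, then digest each referenced document as a stream), as an added example that is not part of the original messages. It is a simplified stand-in, not XML Signature itself: HMAC-SHA256 over a JSON manifest takes the place of SignatureValue over a canonicalized SignedInfo, and `sign_detached`, `validate`, `open_ref`, the key and the sample document are all constructed for illustration.

```python
import hashlib
import hmac
import io
import json

CHUNK = 4096  # references are read in fixed-size chunks, never loaded whole


def sign_detached(key, refs):
    """Build a detached signature: a manifest of {uri: sha256-hex} plus an HMAC over it."""
    signed_info = json.dumps(refs, sort_keys=True).encode()
    return {"signed_info": signed_info,
            "signature": hmac.new(key, signed_info, hashlib.sha256).digest()}


def validate(key, sig, open_ref):
    """Return (ok, reason, bytes_read). Signature first, references second."""
    bytes_read = 0
    # Step 1: authenticate the manifest before parsing it or opening any reference.
    expected = hmac.new(key, sig["signed_info"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig["signature"]):
        return False, "signature invalid", bytes_read
    # Step 2: only now trust the reference list, and digest each target as a stream.
    for uri, want in json.loads(sig["signed_info"]).items():
        h = hashlib.sha256()
        with open_ref(uri) as stream:
            for chunk in iter(lambda: stream.read(CHUNK), b""):
                h.update(chunk)
                bytes_read += len(chunk)
        if not hmac.compare_digest(h.hexdigest(), want):
            return False, "digest mismatch: " + uri, bytes_read
    return True, "valid", bytes_read


# Constructed sample data: one signed document and a demo key.
KEY = b"constructed-demo-key"
DOCS = {"order.xml": b"<order id='1'/>" * 1000}
SIG = sign_detached(KEY, {u: hashlib.sha256(d).hexdigest() for u, d in DOCS.items()})


def open_ref(uri):
    """Hypothetical resolver: returns a readable stream for a reference URI."""
    return io.BytesIO(DOCS[uri])


if __name__ == "__main__":
    print(validate(KEY, SIG, open_ref))
    forged = dict(SIG, signature=b"\x00" * 32)
    print(validate(KEY, forged, open_ref))
```

With a forged signature the validator returns before any reference is opened, so `bytes_read` stays at 0.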