- From: Sean Mullan <Sean.Mullan@Sun.COM>
- Date: Mon, 22 Sep 2008 16:21:04 -0400
- To: "Hirsch Frederick (Nokia-OCTO/Boston)" <frederick.hirsch@nokia.com>
- Cc: XMLSec WG Public List <public-xmlsec@w3.org>

Hirsch Frederick (Nokia-OCTO/Boston) wrote:
>
> All
>
> We have some items to complete before publishing the Best Practices as a
> first working draft.
> If we can complete these items before 7 October, then we can agree at
> that meeting to the changes, incorporate them before the F2F and agree
> to publish during the F2F (unless we are able to agree to publish on 7
> October).
>
> 1) Please review the current Best Practices draft so that we can approve
> as working draft for publication. Please post any comments to the list
> by next week.
>
> http://www.w3.org/2007/xmlsec/Drafts/xmldsig-bestpractices/

A couple of comments on section 2.1.3:

I don't understand how an implementation would process this RetrievalMethod recursively in an endless loop. I think a valid implementation should dereference the RetrievalMethod once, pass the result through any transforms and return the resulting XML Structure (or KeyInfo if it is one of the types in [1]). I think that in order for this attack to succeed, the reference processing model would need to support reference chaining, but AFAICT it doesn't allow that.

Also, there is a duplicate best practice #5 in this section. (Section 2.1.2 contained best practice #5).

--Sean

[1] http://www.w3.org/TR/2008/REC-xmldsig-core-20080610/#sec-KeyInfo

Received on Monday, 22 September 2008 20:21:55 UTC
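
The single-dereference behaviour discussed in this message, as an added example that is not part of the original post or of any XML Signature implementation: a RetrievalMethod is resolved exactly once and a result that is itself a RetrievalMethod is not followed, so mutually referencing elements cannot cause a loop. Assumptions: same-document "#id" URIs only, no transforms, IDs carried in an attribute named "Id", and a constructed sample document; the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
RM = f"{{{DS}}}RetrievalMethod"

# Constructed sample: r1 and r2 point at each other, r3 points at key data.
SAMPLE = f"""<root xmlns:ds="{DS}">
  <ds:KeyInfo>
    <ds:RetrievalMethod Id="r1" URI="#r2"/>
    <ds:RetrievalMethod Id="r2" URI="#r1"/>
    <ds:RetrievalMethod Id="r3" URI="#k1"/>
  </ds:KeyInfo>
  <ds:KeyName Id="k1">constructed-key</ds:KeyName>
</root>"""


def dereference_once(root, retrieval_method):
    """Resolve a same-document URI exactly once; never follow the result."""
    uri = retrieval_method.get("URI", "")
    if not uri.startswith("#") or len(uri) < 2:
        raise ValueError(f"unsupported URI in this sketch: {uri!r}")
    # Assumption: IDs are carried in an attribute literally named "Id".
    hits = [el for el in root.iter() if el.get("Id") == uri[1:]]
    if len(hits) != 1:
        raise ValueError(f"{uri!r} matched {len(hits)} elements")
    return hits[0]


def key_info_from(root, retrieval_method):
    """Return the dereferenced structure, refusing to chain references."""
    target = dereference_once(root, retrieval_method)
    if target.tag == RM or target.find(f".//{RM}") is not None:
        raise ValueError("result is another RetrievalMethod; not followed")
    return target


def by_id(root, ident):
    """Test helper: fetch the element whose Id attribute equals ident."""
    return next(el for el in root.iter() if el.get("Id") == ident)


if __name__ == "__main__":
    doc = ET.fromstring(SAMPLE)
    print(key_info_from(doc, by_id(doc, "r3")).text)
    try:
        key_info_from(doc, by_id(doc, "r1"))
    except ValueError as exc:
        print("rejected:", exc)
```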