- From: Pratik Datta <pratik.datta@oracle.com>
- Date: Sun, 22 Aug 2010 08:29:20 -0700 (PDT)
- To: XMLSec WG Public List <public-xmlsec@w3.org>
Received on Sunday, 22 August 2010 15:31:25 UTC
I made changes for the following actions:

ACTION-615: I made a new reference [XMLDSIG-XPATH] which points to http://www.w3.org/TR/2010/WD-xmldsig-xpath/ (Note: this location does not resolve to anything till we publish it)

ACTION-626: I removed <DigestData> completely

ACTION-627: I added this section. See http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core-20/Overview.html#sec-Verification-2.0

<dsig2:PositionAssertion> is used to enable ID-based referencing that is more resistant to signature wrapping attacks. It contains an XPath expression that has to match the referenced content's position in the document. This way, instead of "selecting" the referenced element via XPath we just "verify" its position (which then is way more flexible in terms of what is really enforced), but stick to ID-based referencing in selection. The good thing about this approach is that implementations could simply ignore this verification assertion and rely solely on the ID-based referencing at the risk of being vulnerable to signature wrapping.

Pratik
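
The select-by-ID, then verify-position check described in the message above, as an added example that is not part of the original message or of the XML Signature 2.0 draft. The sample documents, the function names and the simplified path syntax (/Envelope/Body instead of full XPath, no namespaces) are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample documents (not from the draft). Namespaces are omitted and
# the Signature is reduced to its Reference so the example stays small.
GENUINE = """<Envelope>
  <Header><Signature><Reference URI="#body"/></Signature></Header>
  <Body Id="body"><Order item="A"/></Body>
</Envelope>"""

# Wrapped layout: the signed element keeps its Id but sits under Header/Wrapper,
# and an unsigned Body occupies the place the application reads from.
WRAPPED = """<Envelope>
  <Header><Signature><Reference URI="#body"/></Signature>
    <Wrapper><Body Id="body"><Order item="A"/></Body></Wrapper></Header>
  <Body><Order item="B"/></Body>
</Envelope>"""

def find_by_id(root, id_value):
    """Selection step: all elements whose Id attribute equals id_value."""
    return [e for e in root.iter() if e.get("Id") == id_value]

def position_matches(root, element, position_path):
    """Verification step: is `element` located at position_path?
    position_path is a simplified absolute path such as /Envelope/Body
    (an assumption of this example, not full XPath)."""
    steps = position_path.strip("/").split("/")
    if steps[0] != root.tag:
        return False
    if len(steps) == 1:
        return element is root
    return any(c is element for c in root.findall("./" + "/".join(steps[1:])))

def verify_reference(xml_text, id_value, position_path):
    """Resolve the reference by Id, then require the asserted position."""
    root = ET.fromstring(xml_text)
    hits = find_by_id(root, id_value)
    if len(hits) != 1:          # missing or duplicated Id: reject
        return False
    return position_matches(root, hits[0], position_path)

def id_only(xml_text, id_value):
    """What an implementation that ignores the assertion would accept."""
    return len(find_by_id(ET.fromstring(xml_text), id_value)) == 1

if __name__ == "__main__":
    for name, doc in (("genuine", GENUINE), ("wrapped", WRAPPED)):
        print(name, id_only(doc, "body"), verify_reference(doc, "body", "/Envelope/Body"))
```

Both documents resolve the Id, so an ID-only check accepts either; only the position check distinguishes the element at /Envelope/Body from the relocated one.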