- From: Thomas Roessler <tlr@w3.org>
- Date: Tue, 11 May 2010 17:49:30 +0200
- To: "Meiko Jensen" <Meiko.Jensen@ruhr-uni-bochum.de>
- Cc: Thomas Roessler <tlr@w3.org>, "XMLSec WG Public List" <public-xmlsec@w3.org>
Isn't this another instance of the more general effect that one shouldn't trust anything -- except for what one gets out of, e.g., evaluating a particular xpath? The real problem in the scenario you describe seems to be that neither side verifies that the xpath is what it's believed to be.

--
Thomas Roessler, W3C <tlr@w3.org> (@roessler)

On 11 May 2010, at 17:46, Meiko Jensen wrote:

> Within the discussion on the XPath referencing style I remembered an
> issue we came across lately:
>
> If an XPath contains syntactical errors, this does not result in a
> visible error. It is only treated differently, and might just result in
> referencing no node in the actual XML document. If that is not
> considered as an error in the XML Signature specification, there is a
> threat of someone screwing it up without noticing. Even the verifier
> does not notice: nothing was referenced, so the digest is calculated
> about the empty nodeset, hence about "". As this was exactly the same
> input as at the signer side, hash values match => signature is valid.
> However, it protects nothing in the document from modification.
>
> Hence, I recommend putting a sentence to XML Signature 2.0 stating that
> a reference to an empty nodeset MUST be treated as a fault.
>
> best regards
>
> Meiko
>
> --
> Dipl.-Inf. Meiko Jensen
> Chair for Network and Data Security
> Horst Görtz Institute for IT-Security
> Ruhr University Bochum, Germany
> _____________________________
> Universitätsstr. 150, Geb. IC 4/150
> D-44780 Bochum, Germany
> Phone: +49 (0) 234 / 32-26796
> Telefax: +49 (0) 234 / 32-14347
> http://www.nds.rub.de
Received on Tuesday, 11 May 2010 15:49:32 UTC
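The empty-nodeset effect discussed in the message above, as an added example that is not code from this thread or from any XML Signature implementation. It models one Reference of a signature: a selector is evaluated against the document, the selected nodes are serialised and digested, and the verifier recomputes the digest. Assumptions: plain serialisation with `ET.tostring` stands in for C14N, Python's `xml.etree` XPath subset stands in for a full XPath engine, a selector with a typo in the element name (`.//Ammount`) stands in for the faulty XPath, and the sample order document is constructed for the example. `verify_reference_naive` reproduces the flaw (an empty nodeset digests to the digest of "" on both sides, so the signature verifies over a modified document); `verify_reference_strict` is the mitigation proposed in the thread, treating a reference that selects nothing as a fault.

```python
import hashlib
import xml.etree.ElementTree as ET

# Constructed sample document (not from the thread): the signer intends to
# protect the Amount element.
SIGNED_DOC = "<Order><Id>42</Id><Amount>100</Amount></Order>"

# A document modified after signing; a correct reference must reject it.
TAMPERED_DOC = SIGNED_DOC.replace("<Amount>100</Amount>", "<Amount>999999</Amount>")

# Digest of the empty input: what any empty nodeset reduces to.
EMPTY_DIGEST = hashlib.sha256(b"").hexdigest()


class EmptyReferenceError(ValueError):
    """Raised when a Reference selects no node in the document."""


def select_nodes(doc_xml, path):
    """Evaluate the reference's selector against the document.

    xml.etree's findall implements a small XPath subset; a well-formed
    path that matches nothing returns an empty list without any error,
    which is exactly the silent failure described in the thread.
    """
    root = ET.fromstring(doc_xml)
    return root.findall(path)


def digest_nodeset(nodes):
    """Simplified stand-in for canonicalise-then-digest.

    Real XML Signature processing applies C14N; the empty-nodeset
    behaviour is the same there, since C14N of nothing is the empty string.
    """
    data = b"".join(ET.tostring(n, encoding="utf-8") for n in nodes)
    return hashlib.sha256(data).hexdigest()


def sign_reference(doc_xml, path):
    """Signer side: record the selector and the digest of what it selected."""
    return {"path": path, "digest": digest_nodeset(select_nodes(doc_xml, path))}


def verify_reference_naive(doc_xml, ref):
    """Verifier that only compares digests (the flawed behaviour)."""
    return digest_nodeset(select_nodes(doc_xml, ref["path"])) == ref["digest"]


def verify_reference_strict(doc_xml, ref):
    """Verifier that treats a reference to an empty nodeset as a fault."""
    try:
        nodes = select_nodes(doc_xml, ref["path"])
    except SyntaxError as exc:
        # xml.etree reports some malformed paths as SyntaxError; treat them
        # as a fault rather than as "nothing selected".
        raise EmptyReferenceError(f"malformed path {ref['path']!r}") from exc
    if not nodes:
        raise EmptyReferenceError(f"path {ref['path']!r} selects no node")
    return digest_nodeset(nodes) == ref["digest"]


if __name__ == "__main__":
    good = sign_reference(SIGNED_DOC, ".//Amount")
    print("correct selector, tampered doc, naive:", verify_reference_naive(TAMPERED_DOC, good))
    bad = sign_reference(SIGNED_DOC, ".//Ammount")  # typo: selects nothing
    print("empty selector digest == digest of '':", bad["digest"] == EMPTY_DIGEST)
    print("empty selector, tampered doc, naive:", verify_reference_naive(TAMPERED_DOC, bad))
    try:
        verify_reference_strict(TAMPERED_DOC, bad)
    except EmptyReferenceError as err:
        print("strict verifier:", err)
```

Run as a script, the naive verifier accepts the tampered document under the typo'd reference because both sides digested an empty nodeset, while the strict verifier raises before any digest comparison. The strict check belongs on the signer side as well, so that a reference protecting nothing is never emitted in the first place.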