- From: Cantor, Scott <cantor.2@osu.edu>
- Date: Thu, 23 Oct 2014 13:40:10 +0000
- To: "Booth, Harold" <harold.booth@nist.gov>
- CC: Wendy Seltzer <wseltzer@w3.org>, "public-xmlsec@w3.org" <public-xmlsec@w3.org>, David Solin <david@joval.org>
On 10/23/14, 9:26 AM, "Booth, Harold" <harold.booth@nist.gov> wrote: >Hi Scott, > > Thank you for your responses. If I read your responses correctly: That all looks accurate to me. > >Do you mind if I forward both of your responses to the mailing list >(scap-dev@nist.gov) from which the discussion of this issue began? Sure. > You did a better job than I did countering the misconceptions >surrounding signature wrapping attacks and how to avoid them and I would >also like to be sure the group on that list are aware of those issues as >well as both best practices. I wasn't too precise in that email in discussing IDs and wrapping attacks, which are a fairly deep swamp, but if it's helpful, sure. -- Scott
Received on Thursday, 23 October 2014 13:40:41 UTC