- From: Greg Whitehead <gwhitehead@signio.com>
- Date: Thu, 11 Nov 1999 17:53:55 -0800
- To: DSig Group <w3c-ietf-xmldsig@w3.org>
> I was unimpressed by the reaction at the IETF meeting to the need to > omit Location and Transforms from the SignedInfo. Unimpressed because > the opinions seemed to be based on fear, either of complicating matters > or of creating security problems. I would prefer reasons grounded in > fact rather than fears. I just thought of a concrete example: SignatureMethod is included in SignedInfo to protect against a downgrade attack, should one of the currently approved signature methods be broken. Allowing arbitrary transformation of SignedInfo could potentially defeat this protection by allowing an attacker to introduce a transformation that substitutes in a broken SignatureMethod along with a reference to a modified object and other changes (exploiting the broken signature method to produce the original SignatureValue over the modified SignedInfo). -Greg
Received on Thursday, 11 November 1999 20:53:57 UTC