RE: XMLDSIG proposal: enveloped signatures, xpath and here()

At 13:36 7/24/2000 -0700, John Boyer wrote:
 >The problem is that $signature-id is being set equal to the value of an
 >attribute that happens to be called 'id'.  Any number of elements could
 >such an attribute, and all could use the same 'id' value as the signature
 >order to have themselves omitted from the digest value computed over the
 >result of the XPath expression being evaluated.  Furthermore, having these
 >equivalent 'id' values is permissible under non-validating XML parsers and
 >also under validating parsers if the 'id' attribute is not actually of type
 >ID (and we have no way of knowing this).  Hence, security risk.
BTW: This is one of the reaons why I believe this schema/DTD validity
constraint must be enforced.

Joseph Reagle Jr.   
W3C Policy Analyst      
IETF/W3C XML-Signature Co-Chair

Received on Tuesday, 25 July 2000 16:46:21 UTC