- From: Joseph M. Reagle Jr. <reagle@w3.org>
- Date: Tue, 25 Jul 2000 16:45:57 -0700
- To: "John Boyer" <jboyer@PureEdge.com>
- Cc: "Kevin Regan" <kevinr@valicert.com>, "TAMURA Kent" <kent@trl.ibm.co.jp>, <w3c-ietf-xmldsig@w3.org>, "Merlin Hughes" <merlin@baltimore.ie>
At 13:36 7/24/2000 -0700, John Boyer wrote: >The problem is that $signature-id is being set equal to the value of an >attribute that happens to be called 'id'. Any number of elements could have >such an attribute, and all could use the same 'id' value as the signature in >order to have themselves omitted from the digest value computed over the >result of the XPath expression being evaluated. Furthermore, having these >equivalent 'id' values is permissible under non-validating XML parsers and >also under validating parsers if the 'id' attribute is not actually of type >ID (and we have no way of knowing this). Hence, security risk. BTW: This is one of the reaons why I believe this schema/DTD validity constraint must be enforced. _________________________________________________________ Joseph Reagle Jr. W3C Policy Analyst mailto:reagle@w3.org IETF/W3C XML-Signature Co-Chair http://www.w3.org/People/Reagle/
Received on Tuesday, 25 July 2000 16:46:21 UTC