- From: Philip Hallam-Baker <pbaker@verisign.com>
- Date: Wed, 30 Aug 2000 08:48:04 -0700
- To: "'Dan Connolly'" <connolly@w3.org>, w3c-ietf-xmldsig@w3.org
Received on Wednesday, 30 August 2000 11:48:37 UTC
> Yes. Since the signature includes a digest of
> the eventual body content
> <DigestValue>Y5SLN17HxLLMtTeuYGfYlBFmNlU=</DigestValue>
> I don't see that following a redirect introduces
> significant security risks that aren't inherent
> in, say, using DNS to find the origin server
> in the first place. (well... beware of bonehead
> plays like looping redirects, but that's just
> an operational risk, not anything terribly subtle)

I don't think that DNS makes a difference. Consider the case in which you have DNSSEC (or equivalent) and so you have a trusted binding to the IP address and you also run IPSEC keying off a DNSSEC secured key. It still makes sense to follow the redirect since you are being told authoritatively to 'go somewhere else'.

Brian's point may have been that the spec needs to make the intention clear on this point.

The digest does not make a difference in practice since the relying party has to decide whether to trust the key, not the document signer. Thus the validation information may well be different for different relying parties. (Have a look at the Federal Bridge CA for examples :-)

Phill
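The check the two messages are talking about, written out as an added example (it is not code from this thread or from any XMLDSIG implementation): a Reference URI is dereferenced, redirects are followed with a hop budget and a revisit guard (the looping-redirect case Dan mentions), and the retrieved body is accepted only if Base64(SHA-1(body)) equals the DigestValue. Which server finally answered does not matter to that comparison. The FAKE_WEB table, its URLs, SIGNED_BODY and all function names are constructed stand-ins for a real HTTP client; a real verifier would also apply the Reference's Transforms before digesting, which this example omits. Phill's point, whether the relying party trusts the signing key at all, is a separate decision the code does not make.

```python
import base64
import hashlib
import hmac
from typing import Callable, Dict, Optional, Tuple, Union

# Constructed stand-in for the network (not a real HTTP client): each URL
# resolves either to ("redirect", <Location>) or to ("body", <octets>).
Response = Tuple[str, Union[str, bytes]]
Fetcher = Callable[[str], Optional[Response]]

SIGNED_BODY = b"<doc>octets the signer digested</doc>"  # constructed sample

FAKE_WEB: Dict[str, Response] = {
    # Origin redirects to a mirror that serves exactly the octets that were signed.
    "http://example.com/doc": ("redirect", "http://mirror.example.net/doc"),
    "http://mirror.example.net/doc": ("body", SIGNED_BODY),
    # Origin redirects to a host that serves different octets.
    "http://example.com/changed": ("redirect", "http://other.example.org/doc"),
    "http://other.example.org/doc": ("body", b"<doc>not what was signed</doc>"),
    # The "bonehead play" from the thread: two URLs redirecting to each other.
    "http://example.com/loop-a": ("redirect", "http://example.com/loop-b"),
    "http://example.com/loop-b": ("redirect", "http://example.com/loop-a"),
}


class RedirectLoop(Exception):
    """Raised when dereferencing revisits a URL or exceeds the hop budget."""


def sha1_b64(data: bytes) -> str:
    """Base64(SHA-1(data)): the encoding a DigestValue element carries."""
    return base64.b64encode(hashlib.sha1(data).digest()).decode("ascii")


def dereference(uri: str, fetch: Fetcher = FAKE_WEB.get, max_hops: int = 5) -> bytes:
    """Follow redirects from `uri` to a body, refusing loops and long chains."""
    seen = set()
    current = uri
    for _ in range(max_hops + 1):
        if current in seen:
            raise RedirectLoop(f"redirect loop via {current}")
        seen.add(current)
        response = fetch(current)
        if response is None:
            raise LookupError(f"no response for {current}")
        kind, payload = response
        if kind == "body":
            return payload
        current = payload  # follow the Location header
    raise RedirectLoop(f"more than {max_hops} redirects from {uri}")


def check_reference(uri: str, digest_value: str, fetch: Fetcher = FAKE_WEB.get) -> str:
    """Return "ok", "digest-mismatch" or "redirect-loop" for one Reference.

    Whoever served the final body is irrelevant: only octets whose SHA-1
    matches DigestValue are accepted. Whether the signing key itself is
    trusted is a separate relying-party decision not modelled here.
    """
    try:
        body = dereference(uri, fetch)
    except RedirectLoop:
        return "redirect-loop"
    if hmac.compare_digest(sha1_b64(body), digest_value):
        return "ok"
    return "digest-mismatch"


if __name__ == "__main__":
    expected = sha1_b64(SIGNED_BODY)
    for path in ("doc", "changed", "loop-a"):
        print(path, check_reference(f"http://example.com/{path}", expected))
```

Running the block prints "ok" for the redirect to the faithful mirror, "digest-mismatch" for the redirect to altered content, and "redirect-loop" for the two URLs that point at each other; the hop budget also bounds a long non-cyclic chain, which a revisit guard alone would not.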