Problem with canonical form?

I've found a security risk in canonical XML that I believe needs to be
covered. Simply stated through example (with probably large portions of xml
left out):

<... namespace declaration...>
<agreement>I agree to pay the amount(s) shown in the namespace</agreement>

once signed, can be later altered simply by changing the namespace
declaration from reading "Purchase Barbie for 19.95" to "Purchase Ferrari
for 150,000". The effect being that instead of getting a charge of 19.95 on
the credit card, the charge becomes 150,000. We have seen these security
risks become reality with servers being continually hacked all across the
internet. I can think of no immediate solution outside of embedding the
namespace file in the canonical XML. I don't think this problem will go
away, it will just get worse.

Received on Friday, 5 January 2001 17:43:10 UTC