- From: Christian Geuer-Pollmann <geuer-pollmann@nue.et-inf.uni-siegen.de>
- Date: Tue, 18 Dec 2001 12:32:24 +0100
- To: "Manoj K. Srivastava" <manoj@infomosaic.com>, w3c-ietf-xmldsig@w3.org
- Cc: xml-dsig-verification-schema@yahoogroups.com
Hi Manoj,

--On Monday, 17 December 2001 17:46 -0800 "Manoj K. Srivastava" <manoj@infomosaic.com> wrote:

> I would like to collaborate with people involved with XML Signatures to
> define a schema for providing XML Signature Verification results. As W3C
> DSIG standard leaves this completely to the discretion of application
> developers, an alternative effort is needed to define this schema. It
> will help make XML Signatures widely usable.

I think that you have to be very careful about how much information your implementation gives the application/user/attacker about a non-verifying signature. I know that there have been successful attacks on SSL because the server was too noisy and provided too much information about protocol failures. It must be ensured that such information cannot be exploited by an attacker.

Regards,
Christian
Received on Tuesday, 18 December 2001 06:29:31 UTC
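
The concern raised in the message above, sketched as an added example that is not part of the original message or of any XML Signature library: detailed failure reasons go to an internal audit log, and the caller receives the same opaque answer whichever validation step failed. The names `verify`, `PublicResult`, `ticket` and the logger name are hypothetical; inputs are assumed to be already-canonicalized bytes, HMAC-SHA1 stands in for the signature algorithm, and all sample data is constructed.

```python
import hashlib
import hmac
import logging
import secrets
from dataclasses import dataclass

log = logging.getLogger("dsig.audit")  # internal sink, never sent to the caller

@dataclass(frozen=True)
class PublicResult:
    """All an untrusted caller learns: valid or not, plus an opaque ticket."""
    valid: bool
    ticket: str

def verify(key, signed_info, signature_value, references):
    """Simplified XML-DSig core validation (assumption: inputs are already
    canonicalized bytes; references is a list of (uri, data, expected_sha1)).

    Both steps always run, so the response does not reveal by content or by
    an early exit which one failed.
    """
    failures = []
    # Step 1: reference validation (digest of every referenced object).
    for uri, data, expected in references:
        if not hmac.compare_digest(hashlib.sha1(data).digest(), expected):
            failures.append(f"reference digest mismatch: {uri}")
    # Step 2: signature validation over SignedInfo (HMAC-SHA1 here).
    mac = hmac.new(key, signed_info, hashlib.sha1).digest()
    if not hmac.compare_digest(mac, signature_value):
        failures.append("SignatureValue mismatch")

    ticket = secrets.token_hex(8)  # lets an operator find the detail later
    for reason in failures:
        log.warning("ticket=%s %s", ticket, reason)
    return PublicResult(valid=not failures, ticket=ticket)

def demo():
    """Constructed sample data: two different failures, same public answer."""
    key, doc = b"constructed-demo-key", b"<order id='1'/>"
    signed_info = b"<SignedInfo>constructed</SignedInfo>"
    good_sig = hmac.new(key, signed_info, hashlib.sha1).digest()
    good_ref = [("#order", doc, hashlib.sha1(doc).digest())]
    bad_ref = [("#order", doc + b"x", hashlib.sha1(doc).digest())]
    return (verify(key, signed_info, good_sig, good_ref),
            verify(key, signed_info, good_sig, bad_ref),
            verify(key, signed_info, b"\0" * 20, good_ref))
```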