- From: Aleksey Sanin <aleksey@aleksey.com>
- Date: Sat, 18 Oct 2003 22:18:29 -0700
- To: Don Park <donpark@docuverse.com>
- Cc: 'Rich Salz' <rsalz@datapower.com>, gino.tesei@ekar.it, w3c-ietf-xmldsig@w3.org
>I think that is just a bug in the 3D-Secure DTD which was pulled out of the >spec before it was published. > It was not pulled out. It's in the current official spec you can download from Visa's website. Moreover, I know that several people (including myself) contacted Visa guys about this problem but the response basically was "we don't care". >As to why anyone would generate invalid ID, I have no idea. > > I haven't seen the code that does this but I bet that it generates N random bytes, base64 encodes them and result string is called "ID attribute". Of course, such strings could not be used as ID attributes (may start with number, may contain '+', etc.). Aleksey Sanin XML Security Library <http://www.aleksey.com/xmlsec>
Received on Sunday, 19 October 2003 01:18:35 UTC