- From: Martin Gudgin <mgudgin@microsoft.com>
- Date: Mon, 9 Feb 2004 23:32:46 -0800
- To: <xml-dist-app@w3.org>
I took an action on the 2004-02-03 call to write up a security considerations section for MTOM. Here's a first cut. Comments welcome.

Cheers

Gudge

Message Integrity

The integrity of SOAP messages transmitted using the MTOM HTTP Binding may need to be ensured. As such messages can be transformed to an XML Information Set, from which an XPath 1.0 Data Model can be inferred, existing XML Digital Signature techniques can be used to protect such messages. Digests computed for this purpose would be over the base64 characters rather than the xbinc:Include elements. Existing canonicalization algorithms [C14N, EXCC14N] do not permit computing digests over the binary octets directly. Future canonicalization algorithms could describe a more efficient algorithm.

Care should be taken when constructing an XPath node set as input to a canonicalization algorithm. Specifically, node sets where adjacent nodes are text nodes containing base64 characters should be avoided as an attacker could move base64 characters from one node to another without changing the digest value.

Message Confidentiality

The confidentiality of SOAP messages transmitted using the MTOM HTTP Binding may need to be ensured. As such messages can be transformed to an XML Information Set existing XML Encryption techniques can be used to protect such messages. Any part of a message can be encrypted, whether it includes base64 characters or not. The resulting CipherData can then be optimized because the content of such an element is base64 characters. In future a transform algorithm for use with xenc:CipherReference could provide a more efficient processing model where the raw octets are encrypted directly.
Received on Tuesday, 10 February 2004 02:32:53 UTC
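The adjacent-text-node caveat in the Message Integrity section, as an added example that is not part of the original message: it compares the digest over a node set holding only text nodes with the digest over a node set that also holds the enclosing elements. The `serialize` function is a simplified stand-in for a canonicalization algorithm, and the element names and sample documents are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# Constructed sample: element names and contents are hypothetical.
ORIGINAL = "<payload><photo>QUJDREVG</photo><note>R0hJ</note></payload>"
# Same base64 characters overall, but "REVG" moved from <photo> to <note>.
TAMPERED = "<payload><photo>QUJD</photo><note>REVGR0hJ</note></payload>"


def serialize(elem, include_elements):
    """Simplified stand-in for canonicalizing a node set in document order.

    include_elements=False models a node set holding only the text nodes;
    include_elements=True also holds the element nodes that delimit them.
    Attributes and namespaces are ignored (the samples have none).
    """
    parts = []
    if include_elements:
        parts.append("<%s>" % elem.tag)
    parts.append(escape(elem.text or ""))
    for child in elem:
        parts.append(serialize(child, include_elements))
        parts.append(escape(child.tail or ""))
    if include_elements:
        parts.append("</%s>" % elem.tag)
    return "".join(parts)


def digest(xml_text, include_elements):
    octets = serialize(ET.fromstring(xml_text), include_elements).encode("utf-8")
    return hashlib.sha256(octets).hexdigest()


def decoded(xml_text):
    """Return the binary value each child element carries after base64 decoding."""
    return {child.tag: base64.b64decode(child.text or "") for child in ET.fromstring(xml_text)}


if __name__ == "__main__":
    for label, include in (("text nodes only", False), ("elements + text", True)):
        same = digest(ORIGINAL, include) == digest(TAMPERED, include)
        print("%-16s digests match after tampering: %s" % (label, same))
    print("original:", decoded(ORIGINAL))
    print("tampered:", decoded(TAMPERED))
```

With only text nodes in the node set, both documents serialize to the same run of base64 characters, so the digest cannot show that the boundary between the two binary values moved.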