W3C home > Mailing lists > Public > xml-encryption@w3.org > April 2002

Re: EncryptionMethod in XMLEnc and SignatureMethod in XMLDSig

From: Karel Wouters <Karel.Wouters@esat.kuleuven.ac.be>
Date: Tue, 2 Apr 2002 16:00:17 +0200 (CEST)
To: Aleksey Sanin <aleksey@aleksey.com>
cc: xml-encryption@w3.org
Message-ID: <Pine.LNX.4.44.0204021539370.801-100000@weierstrass.esat.kuleuven.ac.be>

I think that SignatureMethod in ds:SignedInfo should be present in
each signature, because it restricts the attacker:
If I leave out SignatureMethod, the attacker might be able to come up with
a weaker SignatureMethod, tamper with the references and claim that the
signature was produced with this method.
RSA with a weak hash algorithm would suffice.
(actually, he might produce 'any' signature if the hash function is weak

So specifying the SignatureMethod ensures the verifier that this signature
is generated with a solid technique.

(mailinglist, correct me if I'm wrong)


On Mon, 1 Apr 2002, Aleksey Sanin wrote:

> Sorry for mistype, actually Imeant SignatureMethod in XMLDSig:
> A minor issue but probably it's worth to fix it: the EncryptionMethod
> in XMLEncryption and SignatureMethod in XMLDSig both have the same meaning:
> algorithm selection. However, EncryptionMethod is *optional* element and
> SignatureMethod is *required*. From my point of view it is inconsistent.
> Either both should be required or both should be optional. I would prefer
> the second (both optional) since application can have this
> information from the context.
> Aleksey Sanin <aleksey@aleksey.com>
> http://www.aleksey.com/xmlsec
Received on Tuesday, 2 April 2002 07:57:22 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 23:13:08 UTC