- From: Aleksey Sanin <aleksey@aleksey.com>
- Date: Tue, 02 Apr 2002 08:53:48 -0800
- To: Karel Wouters <Karel.Wouters@esat.kuleuven.ac.be>
- Cc: xml-encryption@w3.org

I am not sure I got your point about replacing the SignatureMethod with
a weaker version. If the application has algorithm A in the context then
it will verify the message using this algorithm A. The attacker *could not*
change it. If the algorithm A is weak then the application has a problem in
both cases (SignatureMethod specified or not).

Aleksey.

Karel Wouters wrote:

>Hi,
>
>I think that SignatureMethod in ds:SignedInfo should be present in
>each signature, because it restricts the attacker:
>If I leave out SignatureMethod, the attacker might be able to come up with
>a weaker SignatureMethod, tamper with the references and claim that the
>signature was produced with this method.
>RSA with a weak hash algorithm would suffice.
>(actually, he might produce 'any' signature if the hash function is weak
>enough)
>
>So specifying the SignatureMethod ensures the verifier that this signature
>is generated with a solid technique.
>
>(mailing list, correct me if I'm wrong)

Received on Tuesday, 2 April 2002 11:49:53 UTC
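
An added example, not part of the original thread or of any XML Signature library: a verifier-side policy check in Python that covers both positions in the exchange above (algorithm pinned in the application context, and SignatureMethod declared in ds:SignedInfo). The `ALLOWED` set, the function names and the minimal `ds:SignedInfo` samples are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
RSA_MD5 = "http://www.w3.org/2001/04/xmldsig-more#rsa-md5"
# Assumed local policy: the only SignatureMethod URIs this verifier accepts.
ALLOWED = {RSA_SHA256}


class PolicyError(Exception):
    """Raised when the signature algorithm cannot be trusted."""


def signed_info(alg=None):
    """Build a constructed, minimal ds:SignedInfo (References omitted)."""
    method = f'<ds:SignatureMethod Algorithm="{alg}"/>' if alg else ""
    return f'<ds:SignedInfo xmlns:ds="{DS}">{method}</ds:SignedInfo>'


def resolve_signature_method(signed_info_xml, context_alg=None):
    """Return the algorithm URI to verify with, or raise PolicyError."""
    # Note: use a hardened parser (e.g. defusedxml) for untrusted input.
    root = ET.fromstring(signed_info_xml)
    if root.tag != f"{{{DS}}}SignedInfo":
        raise PolicyError("not a ds:SignedInfo element")
    node = root.find(f"{{{DS}}}SignatureMethod")
    declared = node.get("Algorithm") if node is not None else None
    if declared is None and context_alg is None:
        raise PolicyError("no algorithm in message or context")
    # The context pins the algorithm; a different declared value is rejected
    # instead of being allowed to steer verification.
    if declared is not None and context_alg is not None and declared != context_alg:
        raise PolicyError("declared algorithm differs from context")
    chosen = context_alg if context_alg is not None else declared
    # A weak algorithm is refused wherever it came from.
    if chosen not in ALLOWED:
        raise PolicyError(f"algorithm not allowed: {chosen}")
    return chosen


def rejected(signed_info_xml, context_alg=None):
    """True when the policy refuses the input."""
    try:
        resolve_signature_method(signed_info_xml, context_alg)
    except PolicyError:
        return True
    return False
```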