- From: Aleksey Sanin <aleksey@aleksey.com>
- Date: Fri, 05 Apr 2002 13:33:28 -0800
- To: Blair Dillaway <blaird@microsoft.com>
- CC: Tom Gindin <tgindin@us.ibm.com>, xml-encryption@w3.org
I still could not understand the algorithm substitution attack on XML DSig if the SignatureMethod is ommited. The application expects that the signature will be generated using algorithm A (this algorithm is is *hard coded* in the application context). Suppose that someone generated signature using algorithm B. If application successfully validates this signature using *hard coded* algorithm A then IMHO it's the same as if an evil guy simply "guessed" the signature for algorithm A. IMHO, this simply means that algorithm A is weak and must not be used as signature algorithm at all (evil guy can guess signature *w/o* keys!!!) Aleksey. Blair Dillaway wrote: >I agree with you. Alg substitution isn't a very useful attack on XML Enc >or XML Sig with the algorithms defined in the spec. If one used some >other algorithms, then it might be an issue for Sig. Though, one might >question the wisdom of using a signature alg open to this type of >attack. > >Blair >
Received on Friday, 5 April 2002 16:34:16 UTC