On Thursday 11 April 2002 13:08, Aleksey Sanin wrote: > I don't suggest > to change the XML Encryption design but I do think that a warning > about possible problem is a good idea. http://www.w3.org/Encryption/2001/Drafts/xmlenc-core/#sec-Denial $Revision: 1.181 $ on $Date: 2002/04/12 20:42:15 $ GMT [[ 6.4 Denial of Service This specification permits recursive processing. For example, the following scenario is possible: EncryptedKey A requires EncryptedKey B to be decrypted, which itself requires EncryptedKey A! Or, an attacker might submit an EncryptedData for decryption that references network resources that are very large or continually redirected. Consequently, applications should be able to identify such attacks and restrict arbitrary recursion and the total amount of processing and networking resources a request can consume. ]]Received on Friday, 12 April 2002 16:54:44 UTC
This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 23:13:08 UTC