Digital signatures have a big problem with meaning
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Fri Jun 3 10:18:10 EDT 2005
Anne & Lynn Wheeler <lynn at garlic.com> writes:
>the problem was that xml didn't have a deterministic definition for encoding
>fields.
Yup, see "Why XML Security is Broken",
http://www.cs.auckland.ac.nz/~pgut001/pubs/xmlsec.txt, for more on this. Mind
you ASN.1 is little better, there are rules for deterministic encoding, but so
many things get them wrong that experience has shown the only safe way to
handle it is to do an exact bit-for-bit copy from A to B, rather than trying
to re-code at any point. I've frequently commented that there is only one
workable rule for encoding objects like X.500 DNs, and that's memcpy().
Peter.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list