santuario-dev mailing list archives

From "Scott Cantor" <canto...@osu.edu>
Subject RE: DO NOT REPLY [Bug 40921] - XML <X509Certificate> contents modified and signature normally validated.
Date Wed, 08 Nov 2006 16:52:50 GMT
> Maybe I'm misunderstanding the commentary made so far in this 
> bug report.
> 
> If KeyInfo is indeed advisory, then how does one establish the
> trustworthiness of an enveloped signature?

As Sean said, trust, whatever you believe that means, is outside the scope
of XML Signature and of the ds:KeyInfo element. The element is used to
transmit hints to the relying party to assist in efficiently verifying the
signature. After that, there's an entirely separate set of code that every
application has to have that evaluates the "legitimacy" of the signing key,
and you also have to verify that what's been signed is what you expected.
Both steps can be very complex.

I think it would be useful if the xmlsec Javadocs made this somewhat more
clear in the doc comment for any "verify" methods that exist. People need to
be very clear that that method does not mean "trust this message". It's a
drop in the bucket. I worry sometimes about the applications out there using
this stuff.

-- Scott
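As an added illustration of the two separate steps Scott describes (this is not code from the thread or from the xmlsec project), the following uses the standard javax.xml.crypto.dsig API: the KeySelector honours a certificate carried in ds:KeyInfo only when that certificate is already in the application's own trust store, and after validate() succeeds the caller still checks which element the signature actually covers. The trust store, the expected reference URI and the class name are assumptions.

```java
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.X509Certificate;
import javax.xml.crypto.*;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.keyinfo.*;
import org.w3c.dom.*;

public class TrustAwareVerify {
    // KeySelector that treats ds:KeyInfo purely as a hint: a certificate found there is used only if
    // that same certificate is already in the application's own trust store (a KeyStore, assumed here).
    static KeySelector trustedOnly(KeyStore trustStore) {
        return new KeySelector() {
            public KeySelectorResult select(KeyInfo keyInfo, Purpose purpose,
                    AlgorithmMethod method, XMLCryptoContext ctx) throws KeySelectorException {
                for (Object item : keyInfo.getContent()) {
                    if (!(item instanceof X509Data)) continue;
                    for (Object x : ((X509Data) item).getContent()) {
                        if (!(x instanceof X509Certificate)) continue;
                        X509Certificate cert = (X509Certificate) x;
                        try {
                            if (trustStore.getCertificateAlias(cert) != null) {
                                return () -> cert.getPublicKey();   // hint confirmed by our own store
                            }
                        } catch (KeyStoreException e) {
                            throw new KeySelectorException(e);
                        }
                    }
                }
                // A replaced <X509Certificate> that is not ours never gets to verify anything.
                throw new KeySelectorException("KeyInfo names no trusted certificate");
            }
        };
    }
    // True only if (1) the signature validates under a trusted key and (2) a Reference actually
    // covers the element the application expected (expectedUri, e.g. "#payload", is an assumption).
    static boolean verify(Document doc, KeyStore trustStore, String expectedUri) throws Exception {
        NodeList sigs = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
        if (sigs.getLength() != 1) return false;
        DOMValidateContext ctx = new DOMValidateContext(trustedOnly(trustStore), sigs.item(0));
        XMLSignature sig = XMLSignatureFactory.getInstance("DOM").unmarshalXMLSignature(ctx);
        if (!sig.validate(ctx)) return false;                   // step 1: cryptographic validity
        for (Object r : sig.getSignedInfo().getReferences()) {  // step 2: what was signed?
            if (expectedUri.equals(((Reference) r).getURI())) return true;
        }
        return false;
    }
}
```

For a same-document Reference of the form "#id" on a document that was not schema-validated, the ID attribute has to be registered on the context (DOMValidateContext.setIdAttributeNS) before validate() can dereference it.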

