Enhanced XML Digital Signature Algorithm to Mitigate Wrapping Attacks

Document Type: Expired Internet-Draft (individual)
Last updated: 2019-08-08 (latest revision 2019-02-04)
Stream: (None)
Intended RFC status: (None)
Expired & archived
Stream state: (No stream defined)
Consensus Boilerplate: Unknown
RFC Editor Note: (None)
IESG state: Expired
Telechat date:
Responsible AD: (None)
Send notices to: (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


The XML Signature standard [RFC3275] identifies signed elements by their unique identities in the XML document. However, this allows XML elements to be shifted from one location to another within the same XML document without affecting the ability to verify the signature. This flexibility lets an attacker tweak the original XML message without the receiver noticing, leading to XML Signature wrapping or rewriting attacks. This document proposes to use the absolute XPath as a "Positional Token" and modifies the existing XML Digital Signature algorithm to overcome this attack.
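
The relocation problem and a positional check, as an added example that is not code from the draft or its authors: the sample messages, Id values and function names are constructed for illustration. The path comparison is a simplified stand-in for the draft's "Positional Token", whose exact algorithm is not given on this page, and it assumes the recorded path is itself covered by the signature.

```python
import hashlib
import xml.etree.ElementTree as ET

# Constructed sample messages (not from the draft). In RELOCATED the element
# carrying Id="body-1" is unchanged but now sits under a different parent.
ORIGINAL = ('<Envelope><Header><Signature><Reference URI="#body-1"/></Signature>'
            '</Header><Body Id="body-1"><Order qty="1"/></Body></Envelope>')
RELOCATED = ('<Envelope><Header><Signature><Reference URI="#body-1"/></Signature>'
             '<Wrapper><Body Id="body-1"><Order qty="1"/></Body></Wrapper></Header>'
             '<Body Id="body-2"><Order qty="500"/></Body></Envelope>')

def find_by_id(xml_text, target_id):
    """Return (absolute_path, element) for every element whose Id matches.
    Untrusted input should go through a hardened XML parser instead."""
    hits = []
    def walk(elem, path):
        if elem.get("Id") == target_id:
            hits.append((path, elem))
        seen = {}  # per-parent counters give each child its positional index
        for child in elem:
            seen[child.tag] = seen.get(child.tag, 0) + 1
            walk(child, f"{path}/{child.tag}[{seen[child.tag]}]")
    root = ET.fromstring(xml_text)
    walk(root, f"/{root.tag}[1]")
    return hits

def digest_by_id(xml_text, target_id):
    """ID-only dereferencing: hash whichever element carries the Id.
    ET.tostring stands in for real XML canonicalization here."""
    _, elem = find_by_id(xml_text, target_id)[0]
    return hashlib.sha256(ET.tostring(elem)).hexdigest()

def position_ok(xml_text, target_id, signed_path):
    """Accept only if exactly one element has the Id and it sits at signed_path."""
    hits = find_by_id(xml_text, target_id)
    return len(hits) == 1 and hits[0][0] == signed_path

# Path recorded at signing time (assumption: protected by the signature).
SIGNED_PATH = find_by_id(ORIGINAL, "body-1")[0][0]

if __name__ == "__main__":
    same = digest_by_id(ORIGINAL, "body-1") == digest_by_id(RELOCATED, "body-1")
    print("signed path:", SIGNED_PATH)
    print("digest unchanged after move:", same)
    print("original passes position check:",
          position_ok(ORIGINAL, "body-1", SIGNED_PATH))
    print("relocated passes position check:",
          position_ok(RELOCATED, "body-1", SIGNED_PATH))
```

The digest comparison shows why an Id-only reference still verifies after the element is moved, while the path comparison rejects the same message because the referenced element is no longer where it was signed.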


Jitendra Kumar (jitendra@cdac.in)
Balaji Rajendran (balaji@cdac.in)
Bindhumadhava BS (bindhu@cdac.in)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)