Enhanced XML Digital Signature Algorithm to Mitigate Wrapping Attacks
draft-enhanced-xml-digital-signature-algorithm-01
Document | Type |
Expired Internet-Draft
(individual)
Expired & archived
|
|
---|---|---|---|
Authors | jitendra Kumar , Balaji Rajendran , BS. Bindhumadhava | ||
Last updated | 2019-08-08 (Latest revision 2019-02-04) | ||
RFC stream | (None) | ||
Intended RFC status | (None) | ||
Formats | |||
Stream | Stream state | (No stream defined) | |
Consensus boilerplate | Unknown | ||
RFC Editor Note | (None) | ||
IESG | IESG state | Expired | |
Telechat date | (None) | ||
Responsible AD | (None) | ||
Send notices to | (None) |
This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:
Abstract
XML signature standard [RFC3275]identifies signed elements by their unique identities in the XML document. However this allows shifting of XML elements from one location to another within the same XML document, without affecting the ability to verify the signature. This flexibility paves the way for an attacker to tweak the original XML message without getting noticed by the receiver, leading to XML Signature wrapping or rewriting attacks. This document proposes to use absolute XPath as a "Positional Token" and modifies the existing XML Digital Signature algorithm to overcome this attack.
Authors
jitendra Kumar
Balaji Rajendran
BS. Bindhumadhava
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)