Skip to main content

Enhanced XML Digital Signature Algorithm to Mitigate Wrapping Attacks
draft-enhanced-xml-digital-signature-algorithm-01

Document Type Expired Internet-Draft (individual)
Expired & archived
Authors jitendra Kumar , Balaji Rajendran , BS. Bindhumadhava
Last updated 2019-08-08 (Latest revision 2019-02-04)
RFC stream (None)
Intended RFC status (None)
Formats
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:

Abstract

XML signature standard [RFC3275]identifies signed elements by their unique identities in the XML document. However this allows shifting of XML elements from one location to another within the same XML document, without affecting the ability to verify the signature. This flexibility paves the way for an attacker to tweak the original XML message without getting noticed by the receiver, leading to XML Signature wrapping or rewriting attacks. This document proposes to use absolute XPath as a "Positional Token" and modifies the existing XML Digital Signature algorithm to overcome this attack.

Authors

jitendra Kumar
Balaji Rajendran
BS. Bindhumadhava

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)