Enhanced XML Digital Signature Algorithm to Mitigate Wrapping Attacks
draft-wrapping-attack-mitigation-03
| Document | Type |
Expired Internet-Draft
(individual)
Expired & archived
|
|
|---|---|---|---|
| Authors | jitendra Kumar , Balaji Rajendran , BS. Bindhumadhava | ||
| Last updated | 2018-09-24 (Latest revision 2018-03-23) | ||
| RFC stream | (None) | ||
| Intended RFC status | (None) | ||
| Formats | |||
| Stream | Stream state | (No stream defined) | |
| Consensus boilerplate | Unknown | ||
| RFC Editor Note | (None) | ||
| IESG | IESG state | Expired | |
| Telechat date | (None) | ||
| Responsible AD | (None) | ||
| Send notices to | (None) |
This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:
Abstract
XML signature standard as described in [RFC3275] and defined by IETF/ W3C references or identifies signed elements by their unique identities in the given XML document. Hence, signed XML elements can be shifted from one location to another location in a XML document,and still, it does not have any effect on its ability to verify its signature. This flexibility paves the way for an attacker to tweak original XML message without getting noticed by the receiver. This document proposes to use absolute XPath as an "Positional Token" and modifies existing XML Digital Signature algorithm to overcome the XML Signature wrapping/rewriting attacks on XML ignatures.
Authors
jitendra Kumar
Balaji Rajendran
BS. Bindhumadhava
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)