[
Lists Home |
Date Index |
Thread Index
]
Let me say a bit. I've been involved with security, crypto, PKI, for
(too many) years.
First, having the data tagged or not is not a security issue. Data
thieves already *know* what they data they're looking for looks like:
123-45-6789 is probably a US social security number, 3141 5926 5358 9483
is probably a credit card number, and so on. It doesn't have to say
<ccard type="amex">....</ccard> to stick out. Even more likely,
however, is the likelihood that the thieves include someone inside the
organization, who can get the data description. So even if there markup
itself is little more than a comma separating fields, the bad guys will
know where to look.
As for encryption, the principal that "only the key (not the algorithm,
etc.) is important" dates back to 1883 (Kerchoff). This means that
knowing something is encrypted -- XML-ENC defines an <EncryptedData> tag
-- is okay. And for modern cryptosystems, used properly, it is.
> The question might be, is it possible that markup
> leaves signposts in encrypted data that make them a security
> risk?
No.
The attack mentioned elsewhere -- knowing the structure of the data
might give hints -- is easily thwarted. XML-ENC allows you to insert a
"nonce" -- a stream of random bytes -- at the beginning of the text to
be encrypted.
Hope this helps.
/r$
|
