OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help



   Re: [xml-dev] The sky is falling! XML's dirty secret! Go back! It's a

[ Lists Home | Date Index | Thread Index ]

Let me say a bit.  I've been involved with security, crypto, PKI, for 
(too many) years.

First, having the data tagged or not is not a security issue.  Data 
thieves already *know* what they data they're looking for looks like: 
123-45-6789 is probably a US social security number, 3141 5926 5358 9483 
is probably a credit card number, and so on.  It doesn't have to say 
<ccard type="amex">....</ccard> to stick out.  Even more likely, 
however, is the likelihood that the thieves include someone inside the 
organization, who can get the data description.  So even if there markup 
itself is little more than a comma separating fields, the bad guys will 
know where to look.

As for encryption, the principal that "only the key (not the algorithm, 
etc.) is important" dates back to 1883 (Kerchoff).  This means that 
knowing something is encrypted -- XML-ENC defines an <EncryptedData> tag 
-- is okay.  And for modern cryptosystems, used properly, it is.

> The question might be, is it possible that markup 
> leaves signposts in encrypted data that make them a security 
> risk?


The attack mentioned elsewhere -- knowing the structure of the data 
might give hints -- is easily thwarted.  XML-ENC allows you to insert a 
"nonce" -- a stream of random bytes -- at the beginning of the text to 
be encrypted.

Hope this helps.


News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS