> With a signature, both you and the receiver can perform a
> subsequent test that the signature and file still match up. Of course,
> if the signature is also with the original data, and that's your only
> copy, then someone could replace the signature too.
There are actually two parts to checking a signature -- verifying that the
signature is correct, and validating the identity of the signer. An
adversary replacing the signature can pass the first test, but won't pass
the second.
> Even if not, you or
> the receiver could conceivably maliciously replace both the file and
> the signature, thus creating an uncertainty about whose copy is
> authentic.
If the signature is using something like RSA, then not really. While the
sender can create a new signed document, it will be harder for them to
repudiate that they signed the first one.
--
SOA Appliances
Application Integration Middleware
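
Added example (not part of the original post): the two checks described in the reply, run over a genuine bundle, a bundle whose file and signature were both replaced, and a bundle whose file alone was changed. It assumes textbook RSA without padding on small fixed Mersenne primes purely for illustration; the function names, keys and documents are hypothetical and constructed.

```python
import hashlib

# Textbook RSA on small fixed Mersenne primes: illustration only (no padding, toy key sizes).
def make_key(p, q, e=65537):
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))  # (public, private)

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(priv, data):
    n, d = priv
    return pow(digest(data, n), d, n)

def signature_is_correct(pub, data, sig):
    """Part 1: does the signature match the data under the supplied key?"""
    n, e = pub
    return pow(sig, e, n) == digest(data, n)

def fingerprint(pub):
    return hashlib.sha256(repr(pub).encode()).hexdigest()

def signer_is_trusted(pub, trusted):
    """Part 2: is the supplied key one we obtained out of band for this signer?"""
    return fingerprint(pub) in trusted

def check(bundle, trusted):
    data, sig, pub = bundle
    return signature_is_correct(pub, data, sig), signer_is_trusted(pub, trusted)

# Constructed keys and documents (hypothetical sender and adversary).
SENDER_PUB, SENDER_PRIV = make_key(2**127 - 1, 2**89 - 1)
ADV_PUB, ADV_PRIV = make_key(2**107 - 1, 2**61 - 1)
TRUSTED = {fingerprint(SENDER_PUB)}  # receiver's out-of-band record of the sender's key

ORIGINAL = b"pay 100 to Bob"
FORGED = b"pay 900 to Mallory"
genuine = (ORIGINAL, sign(SENDER_PRIV, ORIGINAL), SENDER_PUB)
replaced = (FORGED, sign(ADV_PRIV, FORGED), ADV_PUB)  # file and signature both swapped
tampered = (FORGED, genuine[1], SENDER_PUB)           # file swapped, signature kept

if __name__ == "__main__":
    for name, b in [("genuine", genuine), ("replaced", replaced), ("tampered", tampered)]:
        print(name, check(b, TRUSTED))
```

The replaced bundle passes the first check and fails the second, which is why a verifier must pin the signer's key instead of accepting whichever key arrives alongside the data.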