Re: md5sum / sha1sum for XML?

Cart

XML Editor - Download a Free Trial >

See What's New >

Buy Now >

[Home] [By Thread] [By Date] [Recent Entries]

To: Mitch Amiano <mitch.amiano@a...>
Subject: Re: md5sum / sha1sum for XML?
From: Richard Salz <rsalz@u...>
Date: Tue, 18 Jul 2006 12:40:33 -0400
Cc: xml-dev@l...
In-reply-to: <44B80928.7000908@a...>

> With a signature, both you and the receiver can perform a 
> subsequent test that the signature and file still match up.  Of course, 
> if the signature is also with the original data, and that's your only 
> copy, then someone could replace the signature too.

There are actually two parts to checking a signature -- verifying that the 
signature is correct, and validating the identity of the signer.  An 
adversary replacing the signature can pass the first test, but won't pass 
the second.

> Even if not, you or 
> the receiver could conceivably  maliciously replace both the file and 
> the signature, thus creating an uncertainty about whose copy is 
authentic.

If the signature is using something like RSA, then not really.  While the 
sender can create a new signed document, it will be harder for them to 
repudiate that they signed the first one. 
--
SOA Appliances
Application Integration Middleware

References:
- Re: md5sum / sha1sum for XML?
  - From: Mitch Amiano <mitch.amiano@a...>

Prev by Date: Re: md5sum / sha1sum for XML?
Next by Date: Re: RE: Why is there little usage of XML on the "visibleWeb"?
Previous by thread: Re: md5sum / sha1sum for XML?
Next by thread: XSD Imports with location
Index(es):
- Date
- Thread

XML Editor - Download a 15 Day Free Trial Now >

See What's New in Stylus Studio >

Buy Stylus Studio - XML Editor - Now >