[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message] Re: md5sum / sha1sum for XML?
> With a signature, both you and the receiver can perform a > subsequent test that the signature and file still match up. Of course, > if the signature is also with the original data, and that's your only > copy, then someone could replace the signature too. There are actually two parts to checking a signature -- verifying that the signature is correct, and validating the identity of the signer. An adversary replacing the signature can pass the first test, but won't pass the second. > Even if not, you or > the receiver could conceivably maliciously replace both the file and > the signature, thus creating an uncertainty about whose copy is authentic. If the signature is using something like RSA, then not really. While the sender can create a new signed document, it will be harder for them to repudiate that they signed the first one. -- SOA Appliances Application Integration Middleware
|
PURCHASE STYLUS STUDIO ONLINE TODAY!Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced! Download The World's Best XML IDE!Accelerate XML development with our award-winning XML IDE - Download a free trial today! Subscribe in XML format
|