in Security

Why XML signatures suck

This points to a well written analysis on what’s wrong with XML signatures.

“Imagine how this would end up in court: “Your honour,
although the plaintiff claims we signed this, we have 39 differently-
canonicalised forms that show we didn’t, 18 different namespace types that
prove the plaintiff is in fact at fault and not us, 7 applications of DTDs
that show beyond a doubt that they owe us the amount they’re claiming, and
four schemas whose use will clearly show that we have rights to their house
and car as well”.”

Add the european signature law, and this gets just plain unusable. The demand for a viewer that enforces “what you see is what you sign” is quite hard to satisfy.

I’d actually like to see a case like this in court, to be able to point out to standards committees and law makers alike how crazy this all is. If you want to know why digital signatures still haven’t caught on, this is a good example.

Leave a Reply

Webmentions

  • DeveloperZen.com February 21, 2006

    Constant Bearing, Decreasing Range [IMG] Doing My Little Part- Weblog of Mark Finnern [IMG] Information Arbitrage [IMG] Software Alphabet Soup [IMG] The Village View [IMG] theotherthomasotter [IMG] Venture Chronicles [IMG] http://www.gadgetguy.de – The GadgetGuy [IMG] Yet Another Software Blog

  • DeveloperZen.com February 21, 2006

    [IMG] Constant Bearing, Decreasing Range [IMG] Doing My Little Part- Weblog of Mark Finnern [IMG] Software Alphabet Soup [IMG] The Village View [IMG] theotherthomasotter [IMG] Venture Chronicles [IMG] http://www.gadgetguy.de – The GadgetGuy [IMG] Yet Another Software Blog

  • DeveloperZen.com February 21, 2006

    [IMG] Constant Bearing, Decreasing Range [IMG] Doing My Little Part- Weblog of Mark Finnern [IMG] Software Alphabet Soup [IMG] The Village View [IMG] theotherthomasotter [IMG] Venture Chronicles [IMG] http://www.gadgetguy.de – The GadgetGuy [IMG] Yet Another Software Blog