[xmlsec] Xml embedded signatures

Alex Boese alexanderashleyboese at gmail.com
Wed Feb 11 08:11:50 PST 2015


I guess the assumption I'm making is that any alteration of the signed block prevents it from being reverted to its previous state. If the lib handling the xml is smart enough on verification, it might as well reinsert the missing namespaces. I guess that is regular behavior.
-A

Sent from my iPad

> On Feb 11, 2015, at 10:18 AM, Alex Boese <alexanderashleyboese at gmail.com> wrote:
> 
> Is there a list of conditions that would be best practices for signed xml nodes embedded in signed xml nodes? I state this because it seems that an inside signature could be easily invalidated by the c14n process on the outer signature.
> 
> I'm supposing best practice #1 would be to make sure all namespace prefixing within the internal node is different from the rest of the document, regardless of reuse of the namespace elsewhere.
> 
> Is there anything else that comes to mind?
> 
> -A
> 
> Sent from my Planet


More information about the xmlsec mailing list