The State Of XML Digital Signatures --- How To Avoid Technical Pitfalls And Harvest The Power Of Newer Signature Schemes, presented at OWASP AppSec Brasil 2010

by Henrich Christopher Pöhls (University of Passau - ISL)

Tags: Application Security


Summary: XML Digital Signatures are a complex tool. Applied correctly, they help to ensure legal compliance, but there are many pitfalls. This talk will provide some basic steps that users and implementers should follow to avoid the pitfalls, among them:

A solid understanding of the XML Signature processing and verification steps
Use of simplistic and coherent references when creating XML Digital Signatures
Knowing how to test what was signed before acting upon it (BitFlip Test)

The talk will also provide an overview of new applications for recent and more specialized digital signature schemes, such as sanitizable signature schemes (academic research since roughly 2000), which make it possible to deal with the need to modify already signed content. It will also highlight the security-relevant changes that are planned for the upcoming version of XML Signature Syntax and Processing 2.0.