[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [office] "XML vulnerability leads to calls for standards change"
I saw a separate notification of this on comp.risks. The paper should be up on the ACM Digital Library at some point. I will watch for it. Meanwhile, note that the vulnerability is in the use of CBC. So long as CBC is not used in conjunction with a block cipher, it may be the bullet is escaped. The default ODF 1.0/1.1/1.2 encryption uses 8-bit CFB, not CBC, with Blowfish as the block cipher. There needs to be more information. I also need to look through my comp.risks backlog to see what more information there may be since the conference. The suggestion that XML encryption should be scrapped is a bit over-the-top. It will be interesting to see what the W3C folks come up with. It isn't really about XML but particular encryption procedures using block ciphers. The vulnerabilities apply regardless of whether they are permitted in XML Encryption or not. - Dennis -----Original Message----- From: office@lists.oasis-open.org [mailto:office@lists.oasis-open.org] On Behalf Of robert_weir@us.ibm.com Sent: Monday, October 24, 2011 08:48 To: office@lists.oasis-open.org Subject: [office] "XML vulnerability leads to calls for standards change" Any else see this? Is it legit? http://www.zdnetasia.com/xml-vulnerability-leads-to-calls-for-standards-change-62302612.htm -Rob
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]