security-services message

Subject: RE: [security-services] FW: <fyi> HMAC flaw in XML DSig, Redux (W3C Blog)

From: "Scott Cantor" <cantor.2@osu.edu>
To: <robert.philpott@rsa.com>, <bcampbell@pingidentity.com>, <security-services@lists.oasis-open.org>
Date: Thu, 16 Jul 2009 11:33:03 -0400

robert.philpott@rsa.com wrote on 2009-07-16:
> I'm not aware of any implementations that generate messages using
HMAC-based
> signatures.  However, the issue isn't so much what SAML implementations
> might send out, it's how they would respond if they received a hacked
> message that contained an HMAC-based signature.  Depending on the
> implementation's underlying DSIG package, it could conceivably accept such
a
> message as having a valid signature and attempt to process its contents.

Sure, but only if it were actually using HMAC explicitly as a RP, since it
would have to validate the signing key. Obviously the attack lets you spoof
the key, but you'd have to be expecting to validate a symmetric key to begin
with.

-- Scott

References:
- Re: [security-services] FW: <fyi> HMAC flaw in XML DSig, Redux (W3CBlog)
  - From: Brian Campbell <bcampbell@pingidentity.com>
- Re: [security-services] FW: <fyi> HMAC flaw in XML DSig, Redux (W3CBlog)
  - From: Brian Campbell <bcampbell@pingidentity.com>
- RE: [security-services] FW: <fyi> HMAC flaw in XML DSig, Redux (W3C Blog)
  - From: <robert.philpott@rsa.com>