Re: [dss-x] Update of public committee page (DSS-X)

[Stefan Hagen <stefan@dilettant.eu>]

Impatient, I am. Now I see the update on the public page.

Thanks and all the best,
Stefan

> Am 10.08.2020 um 17:12 schrieb Stefan Hagen <stefan@dilettant.eu>:
> 
> ïDear Chet,
> 
> I updated the "Group Notes" via kavi to add a new top list item under Announcements:
> 
> """
> <li><b>Security Notice:</b> The DSS core 1.0 became OASIS standard in 2007. It defines an interface for signature creation and validation for different signature formats and supports multiple variants to transport the documents to be signed or verified. The combination of InlineXML-option (XML-payload within the DSS transport document) and a specially crafted XMLDSig allows an attacker to circumvent the non-repudiation property of the signature. The details regarding this problem are explained in detail in a short (<a href=https://www.oasis-open.org/committees/document.php?document_id=67357&wg_abbrev=dss-x";>presentation</a>). The recommended mitigation is to <b>move to DSS-X core 2.0</b>. Alternatively, <b>deny the use of the InlineXML option</b>.'
> </li>
> """
> 
> I am sorry if I forgot, but does this automatically update the public page announcement section (after some time) or do I need to take an additioal action? ... or maybe only OASIS admin can do?
> 
> Happy to receive any support in this matter.
> 
> All the best,
> Stefan
> 
> ---------------------------------------------------------------------
> To unsubscribe from this mail list, you must leave the OASIS TC that generates this mail.  Follow this link to all your TCs in OASIS at:
> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php