[security] security hole in signature algorithm
Dick Hardt
dick at sxip.com
Mon Nov 20 21:24:04 UTC 2006
On 20-Nov-06, at 1:21 PM, Josh Hoyt wrote:
> On 11/20/06, Dick Hardt <dick at sxip.com> wrote:
>> Ah, there it is! Seriously, I looked through the document and did not
>> find it, and when chatting with Recordon last week, I understood from
>> him the same thing I was thinking. (I might have misunderstood him)
>>
>> Section 6.1 misled me to think that it was the algorithm, as it
>> talks about appending the key and value to the list. Perhaps a link
>> to the KV algorithm there would be useful here?
>
> maybe a reorganization that combines sections 6 and 7 and makes 7.2
> more prominent?
Works for me! 6.1 and 7.2 look like they should be together.
Key point is that there is not a hole, which is a big relief.
If nothing else, my attack shows why the delimiters are needed. :-)
-- Dick
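
The point about delimiters, as an added example that is not part of the original message or the specification text: signing keys and values appended with no delimiters lets two different field lists produce the same signed bytes, while a delimited key-value encoding keeps them distinct. The field names, values, secret, the use of HMAC-SHA1 and the function names are assumptions made for illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-shared-secret"  # constructed sample key

# Two different field lists (constructed sample data).
FIELDS_A = [("mode", "id_res"), ("identity", "http://example.com/alice")]
FIELDS_B = [("mode", "id_resid"), ("entity", "http://example.com/alice")]


def concat_naive(fields):
    """Append each key and value with no delimiters (ambiguous)."""
    return "".join(k + v for k, v in fields).encode("utf-8")


def kv_form(fields):
    """Encode as one 'key:value' line per field, each ended by a newline.

    The delimiters only remove ambiguity if they cannot appear where they
    would be misread, so keys with ':' or newline and values with newline
    are rejected.
    """
    lines = []
    for key, value in fields:
        if ":" in key or "\n" in key or "\n" in value:
            raise ValueError("delimiter character in key or value")
        lines.append(f"{key}:{value}\n")
    return "".join(lines).encode("utf-8")


def sign(data, secret=SECRET):
    """MAC over the encoded field list (HMAC-SHA1 assumed here)."""
    return hmac.new(secret, data, hashlib.sha1).hexdigest()


def signatures_collide(encode):
    """True if both field lists yield the same signature under `encode`."""
    return hmac.compare_digest(sign(encode(FIELDS_A)), sign(encode(FIELDS_B)))


if __name__ == "__main__":
    print("no delimiters, same signature:", signatures_collide(concat_naive))
    print("key:value lines, same signature:", signatures_collide(kv_form))
```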