Concepedia

Abstract

McIntosh and Austel (SWS 2005, [12]) have shown that the standard semantics of digital signatures in the context of WS-Security fail: if only parts of the document are signed and the signature verification applied to the whole document returns a Boolean value, then the document can be significantly altered without invalidating the signature. Rahaman, Schaad and Rits (SWS 2006, [15]) introduce the inline approach to counter this flaw. We analyze the inline approach and demonstrate its weaknesses by constructing counterexamples. Finally, we study solution ideas that mitigate XML wrapping attacks.
