Firewall Wizards mailing list archives

Re: XML tag encryption?

From: Eric Rescorla <ekr () rtfm com>
Date: 05 Jun 2002 17:57:50 -0700

"Steven M. Bellovin" <smb () research att com> writes:

Apart from the fact that most developers will pick such tags -- and the 
fact that an enemy could launch a known plaintext attack to figure out 
what fields are what, in your specific example I should point out that 
credit card numbers are self-checking and thus easily recognizable.

A friend of mine talked to these guys at XML One and reports that
actually they're encrypting elements, not just tags--though
you wouldn't know it from the article.

-Ekr

-- 
[Eric Rescorla                                   ekr () rtfm com]
                http://www.rtfm.com/
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards

Current thread:

XML tag encryption? Roger Marquis (Jun 01)
- Re: XML tag encryption? Darren Reed (Jun 05)
- <Possible follow-ups>
- RE: XML tag encryption? Scott, Richard (Jun 04)
- Re: XML tag encryption? Rama Kant (Jun 04)
  - Re: XML tag encryption? Marcus J. Ranum (Jun 05)
  - Message not available
    - Message not available
    - Message not available
    - Re: XML tag encryption? Rama Kant (Jun 05)
- Re: XML tag encryption? Steven M. Bellovin (Jun 05)
  - Re: XML tag encryption? Eric Rescorla (Jun 07)
- Re: XML tag encryption? miha (Jun 07)
- RE: XML tag encryption? Scott, Richard (Jun 07)