Firewall Wizards mailing list archives
Re: XML tag encryption?
From: Rama Kant <kant () adeptech com>
Date: Mon, 03 Jun 2002 21:54:27 -0400
The article you mention is more like FUD, e.g. they mention the possible loss of credit card information, being easily recognizable through XML. An example of such would be:
<amex cc no>3744 342298 98000</amex cc no>Now which application developer would be so much out of his/her mind to embed such XML codes? X in XML stands for "eXtensible" which means the client/server application can come up with its own markup tags to describe any coded information. A security conscious application would rather use tags that may describe some kind of encryption key/certificate or other encoding that is particular to that application around such sensitive information:
<adILjeei>hIwCF1yG8b5ELkEBA/4tgnrpnSVFSblGnVwt18+A86+T</adILjeei>Therefore, I really missed the point of the article besides it being a FUD to promote somebody's product.
Rama Kant At 01:58 PM 5/31/02, Roger Marquis wrote:
There's an article in the May 27 Computerword entitled "XML's Dirty Secret". It's labeled a Technical Analysis but written more like an advertisement for the Forum Sentry Server Appliance (www.forumsys.com). This is a Linux-based network device that apparently encrypts and decrypts XML tags (not the data, just the tags). It's an interesting application but one that wouldn't seem to offer any substantive benefit over other types of encryption (VPN, file, content, ...). The xml-dev list is divided on the issue <http://lists.xml.org/archives/xml-dev/200205/msg01412.html>. Is this another dot-com bomb or might XML be a potential security product niche? -- Roger Marquis Roble Systems Consulting http://www.roble.com/ _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://list.nfr.com/mailman/listinfo/firewall-wizards
_______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://list.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- XML tag encryption? Roger Marquis (Jun 01)
- Re: XML tag encryption? Darren Reed (Jun 05)
- <Possible follow-ups>
- RE: XML tag encryption? Scott, Richard (Jun 04)
- Re: XML tag encryption? Rama Kant (Jun 04)
- Re: XML tag encryption? Marcus J. Ranum (Jun 05)
- Message not available
- Message not available
- Message not available
- Re: XML tag encryption? Rama Kant (Jun 05)
- Re: XML tag encryption? Eric Rescorla (Jun 07)