• Address wrapping attacks
• Simplify/modify/profile transform processing
• SHA-1
• Mitigate denial of service and other attacks
  – Limit XSLT, Transforms, Timeouts/limits, Resource resolution (References vs. KeyInfo), Operation order
  – Relying party gets Reference material as it has been signed
  – SignedInfo canonicalization issues (comments)
• Other practices
  – Pre-normalize entities before signing?
• Document Best Practices/Security Considerations
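
A pre-verification policy check for the "Mitigate denial of service and other attacks" items, as an added example that is not part of the original slides: it rejects XSLT and other non-allow-listed transforms, caps the transform count, refuses external Reference URIs, and flags comment-preserving SignedInfo canonicalization before anything is dereferenced or transformed. The allow-list, the limit of 2, the function name and the sample signature are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"ds": DS}

# Assumed local policy (not from the slides): transforms a verifier will run.
ALLOWED_TRANSFORMS = {
    DS + "enveloped-signature",
    "http://www.w3.org/2001/10/xml-exc-c14n#",
}
MAX_TRANSFORMS = 2  # assumed per-Reference limit


def policy_violations(signature_xml: str) -> list[str]:
    """Return policy violations in a ds:Signature, found before any processing."""
    sig = ET.fromstring(signature_xml)  # input root is assumed to be ds:Signature
    problems = []
    c14n = sig.find("ds:SignedInfo/ds:CanonicalizationMethod", NS)
    if c14n is None or c14n.get("Algorithm", "").endswith("#WithComments"):
        problems.append("SignedInfo canonicalization missing or keeps comments")
    for i, ref in enumerate(sig.findall("ds:SignedInfo/ds:Reference", NS)):
        uri = ref.get("URI")
        # Same-document references only: no network or file dereferencing.
        if uri is None or not (uri == "" or uri.startswith("#")):
            problems.append(f"Reference {i}: external or missing URI {uri!r}")
        algs = [t.get("Algorithm", "")
                for t in ref.findall("ds:Transforms/ds:Transform", NS)]
        if len(algs) > MAX_TRANSFORMS:
            problems.append(f"Reference {i}: {len(algs)} transforms exceeds limit")
        for alg in algs:
            if alg not in ALLOWED_TRANSFORMS:
                problems.append(f"Reference {i}: transform not allowed: {alg}")
    return problems


# Constructed sample: one Reference breaks the policy, the second one passes.
SAMPLE = f"""<ds:Signature xmlns:ds="{DS}">
 <ds:SignedInfo>
  <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"/>
  <ds:Reference URI="http://example.invalid/doc.xml">
   <ds:Transforms>
    <ds:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"/>
   </ds:Transforms>
  </ds:Reference>
  <ds:Reference URI="#body"><ds:Transforms><ds:Transform Algorithm="{DS}enveloped-signature"/></ds:Transforms></ds:Reference>
 </ds:SignedInfo>
</ds:Signature>"""
```

Running the check before signature validation keeps the operation order cheap-first: a signature that fails policy is rejected without executing any transform or fetching any resource.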