XML Digital Signatures •  Chapter 5 175 Cautions and Pitfalls Some of the foundation components of XML digital signatures—for example the XPath and XLST components—are in a state of flux.Therefore, you need to be careful when listing these algorithms in any transformations for you signatures. In our discussion, we have been careful to state that the XML digital signa- ture mechanism provides a way to verify who originated the signature, not who sent the signed message.You should never confuse the message originator with the message sender. Consider the following scenario. G.Washington sends a signed message to B. Arnold stating: <Data> We need to talk.  Meet me outside my office at dawn on Friday. </Data> B. Arnold wants no part of this activity and sets about confusing matters by anonymously sending the signed message on to T. Jefferson.T. Jefferson can only conclude that the message is a genuine one from G.Washington (which it is), but he has no way of knowing that the message was not intended for him or that it was not sent to him by G.Washington. Public key encryption does not help mat- ters, because after B. Arnold gets the message encrypted for him, he can re- encrypt it with T. Jefferson’s public key before sending it on. Because of the goals of generality of the XML digital signal standard, this problem is not really consid- ered a flaw of the standard but instead a potential problem with the application of the process. The solution is this: If you plan to send messages of this nature, make sure that the complete context of the information is provided within the signed body. This information could include such things as a timestamp, the recipient’s name, and references to information to provide a context for the message: <Data> <To>B. Arnold</To> <Date>15 July 1780</Date> <Subject>Your negotiations regarding West Point</Subject> We need to talk.  Meet me outside my office at dawn on Friday. </Data> Now B. Arnold is stuck.There is no way he can manipulate this message without breaking the signature. If T. Jefferson gets the message in its intact form, he will know that it was not intended for him. www.syngress.com