Details
Type: Enhancement
Status: Open
Priority: P4
Resolution: Unresolved
Description
The secure validation mode can also be enabled when generating signatures, although it is not enabled by default like it is for validation. However, it has never been documented in the javadocs and it is not very well tested. This Enhancement is filed to improve that.
The secure validation mode can be useful and beneficial when generating signatures, minimally as a way to ensure the signatures you generate can be validated when the mode is enabled. It also has security benefits as you typically don't want to be creating signatures containing weak algorithms, or with other constructs that are not considered safe.
We should add an @implNote to the DOMSignContext API describing how to enable or disable the mode like the one in DOMValidateContext. We should also enhance our regression tests to test the different restrictions of the secure validation mode when generating signatures.