> Yes, of course. My question is, if the KeyInfo in a valid signature
> can be changed without failing the signature check, then what good
> does it do me to check the chain of trust on the KeyInfo?

By itself, nothing. You still also have to verify that the KeyInfo actually validates the Signature. There's no attack here, you can't just substitute an arbitrary key and actually make it validate the signature too. Not unless there's a broken encryption algorithm anyway.

> I presume this behavior is implemented as specced by the W3C.

The spec says nothing about it, unless you mean the part about whether KeyInfo is digested. That part is in the spec, yes.

-- Scott
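
The two checks discussed in this thread, as an added example that is not part of the original message or of any XML signature library: a key taken from an undigested KeyInfo must both validate the SignatureValue and pass a trust check. It assumes textbook RSA over constructed toy keys, a plain set of trusted keys standing in for chain-of-trust validation, and hypothetical names throughout (`SIGNER_PUB`, `OTHER_PUB`, `accept`).

```python
import hashlib

E = 65537  # public exponent shared by both constructed keys

def make_key(p, q):
    """Textbook RSA from two primes: returns ((n, e), private exponent)."""
    return (p * q, E), pow(E, -1, (p - 1) * (q - 1))

def digest(data, n):
    """SHA-256 of the signed bytes, reduced into the key's modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(signed_info, public, d):
    n, _ = public
    return pow(digest(signed_info, n), d, n)

def signature_valid(msg):
    """Check 1: does the key carried in KeyInfo validate SignatureValue?"""
    n, e = msg["key_info"]
    return pow(msg["signature_value"], e, n) == digest(msg["signed_info"], n)

def accept(msg, trusted_keys):
    """Check 2 on top of check 1: the validating key must also be trusted.
    The set lookup is a stand-in (assumption) for certificate path validation."""
    return signature_valid(msg) and msg["key_info"] in trusted_keys

# Constructed toy keys built from Mersenne primes; far too weak for real use.
SIGNER_PUB, SIGNER_D = make_key(2**89 - 1, 2**107 - 1)
OTHER_PUB, OTHER_D = make_key(2**61 - 1, 2**127 - 1)
TRUSTED = {SIGNER_PUB}

SIGNED_INFO = b"<SignedInfo>constructed sample</SignedInfo>"
genuine = {"signed_info": SIGNED_INFO, "key_info": SIGNER_PUB,
           "signature_value": sign(SIGNED_INFO, SIGNER_PUB, SIGNER_D)}
# KeyInfo is not digested, so replacing it touches nothing that was signed,
# yet the substituted key no longer validates the SignatureValue.
swapped = dict(genuine, key_info=OTHER_PUB)
# Re-signing with the other key makes check 1 pass; only check 2 rejects it.
resigned = {"signed_info": SIGNED_INFO, "key_info": OTHER_PUB,
            "signature_value": sign(SIGNED_INFO, OTHER_PUB, OTHER_D)}

def outcomes():
    """Map each case to (signature valid, accepted after trust check)."""
    cases = {"genuine": genuine, "swapped": swapped, "resigned": resigned}
    return {k: (signature_valid(m), accept(m, TRUSTED)) for k, m in cases.items()}

if __name__ == "__main__":
    for name, result in outcomes().items():
        print(name, result)
```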