W3C home > Mailing lists > Public > xml-encryption@w3.org > September 2000

RE: encryption in XML & in SMIME

From: Don Davis <dtd@world.std.com>
Date: Thu, 21 Sep 2000 22:28:35 -0500
Message-Id: <l0311070bb5f06e803741@[]>
To: Ed Simon <ed.simon@entrust.com>
Cc: xml-encryption@w3.org

ed simon wrote:
>>> To avoid the second signing, one could (as you suggest) include
>>> the <From> element as input to the digest of the message to be
>>> encrypted.  This could be done using XML Signature's Transform
>>> facility.

i wrote:
>> i'm disappointed that the double-hash signature
>> doesn't work.  it seemed to be a good alternative
>> solution, for applications that don't want to put
>> names inside the message-body.

ed simon replied:
> The double hash solution (with the Transform fix) is
> quite feasible for our XML e-mail with XML Signature
> scenario. (Transforms are an integral part of XML
> Signatures).  Note: that the Transform does not force
> the sender name to be part of the message, it just makes
> the digest be calculated over both the sender's identity
> and the pre-encrypted message.

hi, ed --

if you apply a Transform that incorporates
the sender's identity into the ciphertext,
then you don't need the double-hash.  the
Transform fixes the "unauthenticated encryptor"
problem handily, and the double-hash adds no
security at all.  as long as the sender's
identity contributes to the ciphertext, it's
sufficient to just sign the ciphertext,
without signing the plaintext, too.

				- don davis, boston

Received on Thursday, 21 September 2000 22:31:22 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:31:58 UTC