W3C home > Mailing lists > Public > xml-encryption@w3.org > August 2001

Security Concerns (Was: Surreptitious Forwarding)

From: Joseph Reagle <reagle@w3.org>
Date: Thu, 16 Aug 2001 13:45:45 -0400
To: "XML Encryption WG" <xml-encryption@w3.org>
Message-Id: <01081613454502.00434@policy>

I hope (and have reasons to believe) that the following text isn't too 
onerous. So, I suppose I would ask that unless you really have a problem with 
the following, let's move on:


http://www.w3.org/Encryption/2001/Drafts/xmlenc-core/Overview.html#sec-Security

...
Additionally, while the following warnings pertain to incorrect inferences by 
the user about the authenticity of information encrypted, applications should 
discourage user misapprension by communicating clearly which information has 
integrity, or is authenticated, confidential, or non-repudiable when multiple 
processes (e.g., signature and encryption) and algorithms (e.g., symmetric 
and asymmetric) are used: 

1.When an encrypted envelope contains a signature, the signature does not 
necessarily protect the authenticity or integrity of the ciphertext [Davis].

2. While the signature secures plaintext it only covers that which is signed, 
recipients of encrypted messages must not infer integrity or authenticity of 
other unsigned information (e.g., headers) within the encrypted envelope, see 
[XMLDSIG, 8.1.1 Only What is Signed is Secure].
Received on Thursday, 16 August 2001 13:45:31 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 27 October 2009 08:42:19 GMT