On Wednesday 05 December 2001 16:39, Eastlake III Donald-LDE008 wrote:
> Some encryption algorithms take an initialization vector (IV) such that
> an adversary modifying the IV can make a known change in the plain text
> after decryption. This attack can be avoided by securing the integrity of
> the plain text data, for example by signing it, or, for most such
> algorithms, by including an algorithm dependent length. A nonce at least
> as long as the block for CBC chaining block encryption algorithms may be
> adequate.

I'm afraid this paragraph might confuse folks into thinking that their IVs
for a given algorithm belong in this nonce attribute. Perhaps we could
mention the IV as an aside with a future reference to somewhere in section 5?

Also, I'm presuming that the spaces in <Nonce> Zm9v </Nonce> in 5.5 aren't
intentional; I've deleted them.

--
Joseph Reagle Jr.                 http://www.w3.org/People/Reagle/
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/Signature/
W3C XML Encryption Chair          http://www.w3.org/Encryption/2001/

Received on Thursday, 6 December 2001 12:10:58 GMT
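The IV behaviour discussed in the quoted paragraph, as an added example that is not part of the original message or of the XML Encryption draft: in CBC a change to the IV carries straight through to the first decrypted block, an integrity check over the plain text detects it, and a block-length nonce in front of the data absorbs it. Assumptions: a toy Feistel permutation stands in for a real block cipher, an HMAC stands in for the signature, and the nonce is a random block prepended before encryption and dropped after decryption.

```python
import hashlib, hmac, os

BLOCK = 16  # block size in bytes of the toy cipher below

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, i, half):
    return hashlib.sha256(key + bytes([i]) + half).digest()[:BLOCK // 2]

def _block(key, blk, decrypt=False):
    # 4-round Feistel permutation: constructed stand-in, not a secure cipher.
    l, r = blk[:BLOCK // 2], blk[BLOCK // 2:]
    for i in (range(3, -1, -1) if decrypt else range(4)):
        l, r = (_xor(r, _f(key, i, l)), l) if decrypt else (r, _xor(l, _f(key, i, r)))
    return l + r

def cbc_encrypt(key, iv, pt):
    prev, out = iv, b""
    for i in range(0, len(pt), BLOCK):  # pt must be block aligned (padding omitted)
        prev = _block(key, _xor(pt[i:i + BLOCK], prev))
        out += prev
    return out

def cbc_decrypt(key, iv, ct):
    prev, out = iv, b""
    for i in range(0, len(ct), BLOCK):
        out += _xor(_block(key, ct[i:i + BLOCK], decrypt=True), prev)
        prev = ct[i:i + BLOCK]
    return out

def demo():
    key, mac_key, iv = os.urandom(16), os.urandom(16), os.urandom(BLOCK)
    msg = b"status=pending;;"                      # constructed 16-byte plaintext
    delta = _xor(msg, b"status=approved;")         # known XOR difference
    bad_iv = _xor(iv, delta)                       # IV as altered in transit
    tag = hmac.new(mac_key, msg, hashlib.sha256).digest()  # integrity over plaintext

    # 1. No nonce: the IV change lands directly on the first data block.
    bare = cbc_decrypt(key, bad_iv, cbc_encrypt(key, iv, msg))
    detected = not hmac.compare_digest(tag, hmac.new(mac_key, bare, hashlib.sha256).digest())

    # 2. Block-length nonce prepended: the change lands on the nonce, which is dropped.
    ct = cbc_encrypt(key, iv, os.urandom(BLOCK) + msg)
    with_nonce = cbc_decrypt(key, bad_iv, ct)[BLOCK:]
    return bare, detected, with_nonce

if __name__ == "__main__":
    print(demo())
```

The nonce only moves the effect of an altered IV off the data; it does not detect changes to the ciphertext blocks themselves, which is what the integrity check is for.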