W3C home > Mailing lists > Public > xml-encryption@w3.org > February 2001

Re: Signing and Encryption

From: Takeshi Imamura <IMAMU@jp.ibm.com>
Date: Thu, 1 Feb 2001 23:02:25 +0900
To: "Joseph M. Reagle Jr." <reagle@w3.org>
Cc: "Joseph Ashwood" <jashwood@arcot.com>, <xml-encryption@w3.org>, hal@finney.org
Message-ID: <OF48478EBD.2281FD2A-ON492569E6.004BD4F0@LocalDomain>


Hi Joseph,

>2. Does it leave signature data available to aid plain text
>guessing attacks?
>
>You've encrypted the SignatureValue (enc3) to help prevent
>an attack on (enc2), however, it's the DigestValue that
>has the information that will be useful to you in attacking
>(enc2), right?

Yes.  This is just my mistake.


>3. What does this offer over the simple rule of when you
>encrypt an element, encrypt any Signature's over that
>element?
>
>It improves on the two problems discussed in?
>http://lists.w3.org/Archives/Public/xml-encryption/2000Nov/0081.html

I have no solution of the problems now, except leaving them to applications
...

Thanks,
Takeshi IMAMURA
Tokyo Research Laboratory
IBM Research
imamu@jp.ibm.com
Received on Thursday, 1 February 2001 10:03:39 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:31:59 UTC