
Re: Signing and Encryption

From: Yongge Wang <ywang@certicom.com>
Date: Fri, 26 Jan 2001 10:01:46 -0500
To: xml-encryption@w3.org
Message-ID: <852569E0.00521BAE.00@smtpmail.certicom.com>

> I agree that signature needs to be encrypted, but I'm not sure why entire
> signed data also needs to be encrypted.  Encrypting any portion of signed

At least the <SignedInfo> element should be encrypted. That contains the
hash value, which makes the dictionary attack possible.

> data will make signature invalid, but to recover the signature, we
> introduce EncryptedReference element.  The element can be used as follows
> (I wrote before that the element may appear within ds:SignatureProperty
> element, but I changed my mind ...).
Received on Friday, 26 January 2001 10:03:06 GMT
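
The point made in the message above, as an added example that is not part of the original post: a check that flags documents carrying `EncryptedData` next to a cleartext `<SignedInfo>` digest, and shows that such a digest lets a guessed plaintext be confirmed. The sample document, the `<Amount>` content, the placeholder ciphertext and the function names are constructed for illustration, and the digest is assumed to be SHA-1 over the exact plaintext bytes with no canonicalization step.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
XENC = "http://www.w3.org/2001/04/xmlenc#"
SHA1 = DS + "sha1"
# Placeholder for ciphertext; the value is opaque and never decrypted here.
ENC = ('<xenc:EncryptedData><xenc:CipherData><xenc:CipherValue>b3BhcXVl'
       '</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData>')

def make_doc(plaintext, hide_signed_info=False):
    """Constructed sample: signed content is encrypted; SignedInfo optionally too."""
    digest = base64.b64encode(hashlib.sha1(plaintext).digest()).decode()
    signed_info = ('<ds:SignedInfo><ds:Reference>'
                   f'<ds:DigestMethod Algorithm="{SHA1}"/>'
                   f'<ds:DigestValue>{digest}</ds:DigestValue>'
                   '</ds:Reference></ds:SignedInfo>')
    body = ENC if hide_signed_info else signed_info
    return (f'<Order xmlns:ds="{DS}" xmlns:xenc="{XENC}">{ENC}'
            f'<ds:Signature>{body}</ds:Signature></Order>')

def exposed_digests(doc):
    """Cleartext SHA-1 DigestValues in a document that also holds EncryptedData."""
    root = ET.fromstring(doc)
    if root.find(f".//{{{XENC}}}EncryptedData") is None:
        return []
    found = []
    for ref in root.iter(f"{{{DS}}}Reference"):
        method = ref.find(f"{{{DS}}}DigestMethod")
        value = ref.find(f"{{{DS}}}DigestValue")
        if method is not None and value is not None and method.get("Algorithm") == SHA1:
            found.append(base64.b64decode(value.text.strip()))
    return found

def confirm_guess(doc, candidates):
    """Return the candidate whose hash equals an exposed digest, else None."""
    digests = set(exposed_digests(doc))
    return next((c for c in candidates if hashlib.sha1(c).digest() in digests), None)

# Constructed low-entropy plaintext space: a three-digit amount.
CANDIDATES = [f"<Amount>{n}</Amount>".encode() for n in range(1000)]

if __name__ == "__main__":
    secret = b"<Amount>250</Amount>"
    print(confirm_guess(make_doc(secret), CANDIDATES))
    print(confirm_guess(make_doc(secret, hide_signed_info=True), CANDIDATES))
```

With `<SignedInfo>` left in the clear the encrypted amount is recovered from the digest alone; once `<SignedInfo>` is itself encrypted there is no digest left to test guesses against.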
