W3C home > Mailing lists > Public > xml-encryption@w3.org > January 2001

Re: Signing and Encryption

From: meadowsj <meadowsj@nobs.ca.boeing.com>
Date: Mon, 29 Jan 2001 15:39:12 -0500 (EST)
Message-Id: <200101292038.MAA28850@nobs.ca.boeing.com>
To: xml-encryption@w3.org, jashwood@arcot.com
Cc: IMAMU@jp.ibm.com
If signing a document is akin to making an assertion about a document,
I could perceive some value in keeping certain assertions made about a
document private from third parties. I'm hard pressed to think of an
example where storing those assertions with the document would be an
absolute necessity however, so perhaps it's a non-issue.

Cheers,
Joe Meadows

>Additionally there is should be no case where someone wants to encrypt the
>signature, without encrypting the data that is signed. The signature only
>asserts the validity of the information, if a portion of the data is
>encrypted the underlying hash of the signature can be attacked (albeit with
>very low probability of success). The result is that (from the attackers
>perspective) it is far more important to know the data (any part of the
>data) than to know the signature.
>                    Joe
>
Received on Monday, 29 January 2001 16:38:43 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 27 October 2009 08:42:18 GMT