RE: Requirement to Warn of Surreptitious Forwarding

From: Joseph M. Reagle Jr. <reagle@w3.org>
Date: Fri, 06 Jul 2001 16:25:17 -0400
To: "Plambeck, Thane" <tplambeck@verisign.com>
Cc: "XML Encryption WG " <xml-encryption@w3.org>

At 13:24 6/27/2001, Plambeck, Thane wrote:
>I'll bite on rewording the first part of that ...

Hi Thane, I wasn't sure if you were proposing a whole replacement for that 
text, but I've now included a merge of the two:

$Revision: 1.25 $ on $Date: 2001/07/06 20:23:46 $

6.3 Surreptitious Forwarding

The recipient of a signed-then-encrypted message must not infer that their 
status as a recipient, which was not signed, was also secured because both 
items exist in a "confidentially" encrypted envelope. For example, Alice 
signs the content of a message, then encrypts it with the intent that only 
Bob see it. Bob (wanting to embarrass Alice) might re-encrypt the signed 
message in Charlie's key and send it to him; Charlie might now think that 
Alice sent him this message since it has her signature! Charlie confuses the 
authenticity resulting from signing the recipient (which Alice failed to do) 
with the confidentiality that can be provided by encryption (which Bob 
"violated" by re-transmitting the message).

To prevent surreptitious forwarding, applications should include the original 
recipient inside the information that is signed.

Joseph Reagle Jr.                 http://www.w3.org/People/Reagle/
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/Signature
W3C XML Encryption Chair          http://www.w3.org/Encryption/2001/
Received on Friday, 6 July 2001 16:26:12 UTC
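
An added illustration of the forwarding scenario and the recipient-in-signature fix described in the message above; it is not part of the original e-mail or of any W3C specification text. The encryption layer is left out because Bob, as a legitimate recipient, can always remove it and re-wrap the payload for Charlie; the toy RSA key, the JSON field names `body` and `to`, and all function names are assumptions made for the example.

```python
import hashlib
import json

# Toy textbook-RSA signature so the example runs with the standard library only.
# Constructed demo key built from two Mersenne primes; no padding, NOT secure.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # Alice's private exponent

def _digest(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def alice_sign(fields: dict) -> dict:
    """Alice signs a canonical JSON encoding of exactly the fields given."""
    signed = json.dumps(fields, sort_keys=True).encode()
    return {"signed": signed.decode(), "sig": pow(_digest(signed), D, N)}

def verify(msg: dict, me: str) -> str:
    """What recipient `me` can conclude after decrypting the envelope."""
    signed = msg["signed"].encode()
    if pow(msg["sig"], E, N) != _digest(signed):
        return "reject: bad signature"
    fields = json.loads(signed)
    if "to" not in fields:
        # Alice's signature is valid, but nothing signed says who it was for.
        return "authentic content, intended recipient unknown"
    if fields["to"] != me:
        return "reject: signed for " + fields["to"]
    return "authentic content, addressed to " + me

def bob_forwards(msg: dict) -> dict:
    """Bob decrypts, then re-encrypts for Charlie; the signed payload is unchanged."""
    return dict(msg)

# Constructed sample messages: without and with the recipient inside the signed data.
naive = alice_sign({"body": "I agree to the terms."})
bound = alice_sign({"body": "I agree to the terms.", "to": "bob"})

def demo() -> dict:
    return {
        "bob_naive": verify(naive, "bob"),
        "charlie_naive": verify(bob_forwards(naive), "charlie"),
        "bob_bound": verify(bound, "bob"),
        "charlie_bound": verify(bob_forwards(bound), "charlie"),
    }

if __name__ == "__main__":
    for who, outcome in demo().items():
        print(who, "->", outcome)
```

In the naive case Bob and Charlie reach the same conclusion, which is why neither may infer that he was the intended recipient; in the bound case Bob cannot change the `to` field without invalidating Alice's signature.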

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:32:00 UTC