RE: Fwd: Surreptitious Forwarding

joseph wrote:
>>> Second, information that is not signed but part of an
>>> envelope containing signed information is obviously not
>>> secured.  For instance, unsigned recipient headers
>>> accompanying signed information within an encrypted
>>> envelope does not have its authenticity or integrity
>>> protected.

don replied:
>>    because my paper addresses only signed-&-encrypted
>> messages and this usability issue that they raise, i
>> now believe that both XML-Enc and XML-Sig should carry
>> the same warning text:
>>
>>       "When an encrypted envelope contains a signature,
>>        the signature does not protect the authenticity
>>        or integrity of the ciphertext, even though the
>>        signature does protect the integrity of the plaintext.
>>        Accordingly, most applications should take care
>>        to prevent the unauthorized replacement of the
>>        encrypted envelope."

mike just replied:
> while ... your above text is appropriate for XML-Enc, it
> is too specific for XML-Sig. I think that Joseph's original
> text for XML-Sig that indicated the general issue with a
> signature-only is fine, with a pointed example to encrypted
> text. Otherwise, if someone were to just implement XML-Sig,
> they might ignore the above text in case they aren't
> performing encryption.

my text is not too specific for XML-Sig, unless mine were to
be that document's only caution against misuse of signatures.
i agree that for either document, my text is not by itself a
sufficient caution.  each document should also include the
other, more axiomatic warnings, as appropriate. for example,
as you say, joseph's original text ("...not signed but part
of an envelope...", quoted above) should of course be included
as a separate bullet-item, so that it won't be confused with
my point about signed-&-encrypted messages.

thank you for your comments.

					- don davis, boston

>> -----Original Message-----
>> From: Don Davis [mailto:dtd@world.std.com]
>> Sent: Monday, July 30, 2001 10:55 AM
>> To: Joseph M. Reagle Jr.
>> Cc: XML Encryption WG ; SMathews@conclusive.com
>> Subject: Re: Fwd: Surreptitious Forwarding
>>
>>
>> > - We might as well be clear that this pertains to the cipher
>> >   and plain text.
>> > - Again, since my confusion on your point is still a valid
>> >   warning, might as well retain both.
>> > - Again, since we're warning folks, doesn't hurt to extend the
>> >   warning to any sort of 'envelope' (e.g., a base64 encoding).
>>
>> hi, joseph --
>>
>>    i'm sorry, but i don't agree that we "might as well"
>> conflate the issue i've raised with these axioms of
>> public-key messaging:
>>
>>     * encryption of plaintext doesn't authenticate the
>>       origin of the plaintext;
>>     * unsigned message-headers aren't secured;
>>     * unsigned & unencrypted envelopes aren't secured.
>>
>> my point is not axiomatic. though anyone who understands
>> the technology can easily derive my point from the axioms,
>> my point isn't as obvious to a nonspecialist.  thus, by
>> folding the axioms' restatements into my warning, we
>> would accidentally ensure that my point remains obscure
>> and unavailable to a nonspecialist. since my point is
>> about clearly addressing a cryptographic nuance, it does
>> hurt clarity to mix other issues into the presentation
>> of my point.
>>
>>    because my paper addresses only signed-&-encrypted
>> messages and this usability issue that they raise, i
>> now believe that both XML-Enc and XML-Sig should carry
>> the same warning text:
>>
>>       "When an encrypted envelope contains a signature,
>>        the signature does not protect the authenticity
>>        or integrity of the ciphertext, even though the
>>        signature does protect the integrity of the plaintext.
>>        Accordingly, most applications should take care
>>        to prevent the unauthorized replacement of the
>>        encrypted envelope."
>>
>>                                       - don davis, boston
>
> I don't think that it's necessary for these statements to
> have to reflect exactly what your paper stated, but reflect
> the broader issues in general that are appropriate to each.
> Thus, while I think that your above text is appropriate for
> XML-Enc, it is too specific for XML-Sig. I think that Joseph's
> original text for XML-Sig that indicated the general issue
> with a signature-only is fine, with a pointed example to
> encrypted text. Otherwise, if someone were to just implement
> XML-Sig, they might ignore the above text in case they aren't
> performing encryption.
>
> Cheers,
> Mike

Received on Tuesday, 31 July 2001 09:17:25 UTC
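The warning text quoted in this thread, as an added toy model (my code, not the WG's, not Don Davis's paper, and not XML-Sig/XML-Enc): an HMAC stands in for the signature and a hash-derived keystream stands in for the encryption, both with constructed keys. It shows that the inner signature still verifies after the encrypted envelope is replaced, and that naming the intended recipient inside the signed plaintext (one mitigation assumed here, not text from the thread) lets the recipient detect the replaced envelope.

```python
import hashlib, hmac, json

# Constructed toy keys (not real XML-Sig/XML-Enc): the HMAC key stands in for
# the signer's private key; per-recipient keys stand in for recipients' public keys.
SIGNING_KEY = b"alice-signing-key"
RECIPIENT_KEYS = {"bob": b"bob-key", "carol": b"carol-key"}

def sign(body: dict) -> dict:
    """XML-Sig stand-in: the signature covers the plaintext body only."""
    data = json.dumps(body, sort_keys=True).encode()
    return {"body": body, "sig": hmac.new(SIGNING_KEY, data, "sha256").hexdigest()}

def signature_ok(signed: dict) -> bool:
    data = json.dumps(signed["body"], sort_keys=True).encode()
    good = hmac.new(SIGNING_KEY, data, "sha256").hexdigest()
    return hmac.compare_digest(good, signed["sig"])

def _keystream(key: bytes, n: int) -> bytes:
    blocks = [hashlib.sha256(key + i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1)]
    return b"".join(blocks)[:n]

def encrypt_for(recipient: str, signed: dict) -> dict:
    """XML-Enc stand-in: the envelope names a recipient and carries ciphertext.
    Nothing in the envelope is covered by the inner signature."""
    data = json.dumps(signed, sort_keys=True).encode()
    ct = bytes(a ^ b for a, b in zip(data, _keystream(RECIPIENT_KEYS[recipient], len(data))))
    return {"to": recipient, "ct": ct.hex()}

def decrypt(envelope: dict) -> dict:
    ct = bytes.fromhex(envelope["ct"])
    pt = bytes(a ^ b for a, b in zip(ct, _keystream(RECIPIENT_KEYS[envelope["to"]], len(ct))))
    return json.loads(pt)

def open_naive(envelope: dict):
    """Checks only the inner signature, so a replaced envelope is accepted."""
    signed = decrypt(envelope)
    return signed["body"]["msg"] if signature_ok(signed) else None

def open_bound(envelope: dict):
    """Hardened check: the signed body names its intended recipient, so the
    recipient can tell that the envelope was readdressed to someone else."""
    signed = decrypt(envelope)
    if not signature_ok(signed) or signed["body"]["to"] != envelope["to"]:
        return None
    return signed["body"]["msg"]

def demo():
    """Returns (naive opener's view, bound opener's view) of an envelope that
    was replaced, readdressing the unchanged signed plaintext from bob to carol."""
    signed = sign({"to": "bob", "msg": "the merger is approved"})  # constructed message
    readdressed = encrypt_for("carol", decrypt(encrypt_for("bob", signed)))
    return open_naive(readdressed), open_bound(readdressed)
```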