
Re: Fwd: Surreptitious Forwarding

From: Joseph M. Reagle Jr. <reagle@w3.org>
Date: Tue, 31 Jul 2001 17:16:00 -0400
Message-Id: <4.3.2.7.2.20010731171110.02e5af08@localhost>
To: Don Davis <dtd@world.std.com>
Cc: "XML Encryption WG " <xml-encryption@w3.org>, <SMathews@conclusive.com>

At 10:54 7/30/2001, Don Davis wrote:
>      "When an encrypted envelope contains a signature,
>        the signature does not protect the authenticity
>        or integrity of the ciphertext, even though the
>        signature does protect the integrity of the plaintext.
>        Accordingly, most applications should take care
>        to prevent the unauthorized replacement of the
>        encrypted envelope."

I admit I'm beginning to lose traction on these nuances, but the proposed 
text in XMLDSIG says what your first sentence says (the ciphertext form) 
*and* don't infer authenticity or integrity over "envelope headers." If you 
think that detracts from the warning about ciphertext form, I can delete it. 
I disagree with your second sentence as it brings in issues of authorization 
and violates the principle of the warnings: if you want to prevent 
unauthorized replacement, sign it.

[1] Second, an envelope containing signed information is not secured by the 
signature. For instance, when an encrypted envelope contains a signature, 
the signature does not protect the authenticity or integrity of unsigned 
envelope headers nor its ciphertext form, it only secures the plaintext 
actually signed.

--
Joseph Reagle Jr.                 http://www.w3.org/People/Reagle/
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/Signature
W3C XML Encryption Chair          http://www.w3.org/Encryption/2001/
Received on Tuesday, 31 July 2001 17:16:05 UTC
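
The point of the proposed text [1], as an added illustration that is not part of the original message or of XMLDSIG: a receiver that only verifies the inner signature accepts a replaced envelope, while one that requires the header to be part of the signed data rejects it. Toy textbook RSA and a hash-based XOR stream stand in for real signature and encryption algorithms; all keys, names and the message are constructed.

```python
import hashlib, json

# Toy textbook-RSA signer key from two Mersenne primes (constructed, insecure).
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))

def _h(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def sign(data: bytes) -> int:
    return pow(_h(data), D, N)

def verify(data: bytes, sig: int) -> bool:
    return pow(sig, E, N) == _h(data)

def _xor(key: bytes, data: bytes) -> bytes:
    # Toy stream cipher standing in for the envelope encryption.
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(header: dict, signed: bytes, sig: int, key: bytes) -> dict:
    inner = json.dumps({"signed": signed.decode(), "sig": sig}).encode()
    return {"header": header, "ct": _xor(key, inner).hex()}

def open_envelope(env: dict, key: bytes, bind_header: bool) -> bool:
    inner = json.loads(_xor(key, bytes.fromhex(env["ct"])))
    signed = inner["signed"].encode()
    if not verify(signed, inner["sig"]):
        return False
    if bind_header:
        # Accept only if the envelope header is part of what was signed.
        return json.loads(signed).get("header") == env["header"]
    return True

def demo() -> dict:
    bob, carol = b"bob-key", b"carol-key"  # constructed recipient keys
    hdr = {"from": "alice", "to": "bob"}
    new_hdr = {"from": "alice", "to": "carol"}
    weak = json.dumps({"body": "sell 100 shares"}).encode()  # header unsigned
    strong = json.dumps({"body": "sell 100 shares", "header": hdr}).encode()
    # Envelope replaced: same signed plaintext and signature, new header and ciphertext.
    r_weak = seal(new_hdr, weak, sign(weak), carol)
    r_strong = seal(new_hdr, strong, sign(strong), carol)
    return {
        "original": open_envelope(seal(hdr, strong, sign(strong), bob), bob, True),
        "replaced_unsigned_header": open_envelope(r_weak, carol, False),
        "replaced_signed_header": open_envelope(r_strong, carol, True),
    }
```

`demo()` reports that the replaced envelope passes when only the plaintext is signed and fails once the header is included in the signed data.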
