
Signing encrypted data & PKCS7/CMS thoughts

From: Thane Plambeck <tplambeck@verisign.com>
Date: Thu, 22 Mar 2001 09:24:49 -0800
Message-ID: <2F3EC696EAEED311BB2D009027C3F4F40214B678@vhqpostal.verisign.com>
To: "'xml-encryption@w3.org'" <xml-encryption@w3.org>
Ed writes:
> The wonderful thing about XML Signature and XML Encryption is that it is
> very flexible in ways that simply were not possible with CMS and PKCS7.
 
Although I agree with this in spirit, it's also our biggest problem in my
opinion. To the extent that we enable app developers to reuse keys, combine
signature/encryption, etc., we run risks of creating footholds for
cryptanalysis that aren't present in PKCS7/CMS.  Publishing a spec that puts
the burden of cryptanalytic soundness on the app developer is a useless,
probably even dangerous activity.
 
Suppose I believe that CMS and PKCS7 have a sound treatment of signing and
encryption from a cryptanalytic point of view.  It would be great if I knew
that any cryptanalytic attack on my XML Encryption/XML Signature application
would lift to a PKCS 7 attack, i.e., that my XML app is at least as secure as
PKCS7.  Maybe there could be a PKCS7 "profile" or something?
 
Whether this is possible or even a reasonable way to think of this I don't
know.
 
Thane Plambeck
VeriSign
Received on Thursday, 22 March 2001 12:24:54 GMT
