- From: Yongge Wang <ywang@certicom.com>
- Date: Fri, 23 Mar 2001 11:51:05 -0500 (EST)
- To: David Montgomery <david.montgomery@entrust.com>
- cc: "'XML Encryption List'" <xml-encryption@w3.org>
> The use of multiple DataReference elements allows the following flawed > relationship; Alice must encrypt EncryptedData-A and EncryptedData-B with > the same symmetric key, which is encrypted with Bob's public key in > EncryptedKey-Bob. If Eve is a second recipient of EncryptedData-A, she > gains indirect access to EncryptedData-B, which Alice did not intend. (Same > applies to KeyReferences.) This attack may be an implementation issue? No matter what kind of standard you design, if the sender is dumb enough, he may make the protocol completely insecure.... Regards, Yongge ----------------------------------- Yongge Wang -- Crypto Mathematician http://cs.uwm.edu/~wang/ -----------------------------------
Received on Friday, 23 March 2001 11:52:07 UTC