W3C home > Mailing lists > Public > xml-encryption@w3.org > March 2001

Re: Signing encrypted data

From: Yongge Wang <ywang@certicom.com>
Date: Mon, 26 Mar 2001 20:39:59 -0500 (EST)
To: Joseph Ashwood <jashwood@arcot.com>
cc: "Xml Encrypt (E-mail)" <xml-encryption@w3.org>
Message-ID: <Pine.BSF.3.96.1010326203646.17149A-100000@eng1.certicom.com>


> > an encrypted version of it for confidentiality). Right?
> >
> > You seem to think this is justified for a `very good security reasons`.
> > Right?
> >
> > Question: what are these security reasons?
> 
> Well the security reason is that if the signature doesn't include enough
> randomness then the signature can be guessed. Which leads to potential
> compromises.

First I think this is a XML-DSIG problem. Secondly,
DSA and ECDSA all require to have a random seed "r"
for each signature. And the security issues are discussed
in the DSA or ECDSA standard. It is not a problem for
XML-Encryption. Also generally the signatures are on
plaintext. So this is really no reason to exclude
the case that one can sign on a plaintext. Most
contract are signed on plaintext (of course, need to
hash it first).


Yongge



-----------------------------------
Yongge Wang -- Crypto Mathematician
http://cs.uwm.edu/~wang/
-----------------------------------       
Received on Monday, 26 March 2001 20:40:02 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 27 October 2009 08:42:18 GMT