
hash (digest) of the plaintext in the clear

From: Amir Herzberg <AMIR@newgenpay.com>
Date: Wed, 5 Sep 2001 12:02:09 +0300
Message-ID: <078EE8822DCFD411AAA1000629D56ADC0B7EC5@IMP01>
To: "Xml Encrypt (E-mail)" <xml-encryption@w3.org>

Joseph said,

...
> Once Don sends text for reverting back to not using DigestMethod/DigestValue in the clear (I hope you saw Schaad's arguments [1]),
...
> [1] http://www.w3.org/Encryption/2001/Minutes/0720-Redwood/minutes.html

No, I didn't notice the proposal below (I'll blame my vacation...). Sorry!!

I thought the importance of keeping the hash (digest) of the plaintext in
the clear is understood: it allows authentication (signatures or MAC) of
messages including the encrypted data. In fact, signatures (not MAC) should
preferably be computed ONLY on the hashed plaintext and not on the
ciphertext, to allow changing the encryption without invalidating the
signature. I'll gladly explain it in more detail if needed.

When the plaintext contains sufficient randomness (e.g. via nonce),
providing the cryptographic hash of it in the clear should not be a security
problem. 

Has there been a detailed counter proposal or argument? 

Best, Amir Herzberg

> Proposal: DigestMethod/DigestValue Removal, Jim Schaad
>
> Schaad: believes Herzberg wanted integrity, and something about the plaintext as it was before encryption. For the same reasons that Finney raised earlier about signature over plaintext, Schaad doesn't like plaintext being in the clear, should be encrypted as part of the CipherData; otherwise it allows for guessing of the original text if insufficient randomness exists.
>
> Group: discussion of earlier approach of having integrity be part of the algorithm URI, people felt this led to too many algorithms identifiers. Present approach not liked for reasons stated.
>
> Reagle: a poll was taken for Jim's proposal: 5 supported Jim's proposal and 2 supported the current status. Eastlake suggested the proposal to be further discussed in the list.
>
> Schaad: Proposed this as an optional element: If one wants integrity checks, then provide a new URI. Action Schaad: send proposal for integrity to list within the week with the necessary changes. Otherwise, need a use case (Herzberg engage Schaad in discussion) of the initial problem was, so we can understand the application where it applies (understanding now that it was wanted to have the digest value outside)
>
Received on Wednesday, 5 September 2001 05:02:35 GMT
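
Added example, not part of the original message or of the XML Encryption drafts: a Python sketch of the two positions in this thread, showing that a plaintext digest carried in the clear lets an observer confirm a low-entropy plaintext by hashing candidates, and that a random nonce in the plaintext defeats that check while the recipient can still verify authentication computed over the digest alone. The function names, the candidate list, SHA-256, the 16-byte nonce prefix, and HMAC standing in for the signature are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample: a small set of messages the plaintext could plausibly be.
CANDIDATES = [b"approve", b"reject", b"defer"]

def digest_value(plaintext: bytes) -> bytes:
    """Hash of the plaintext, as it would be carried in the clear."""
    return hashlib.sha256(plaintext).digest()

def guess_plaintext(clear_digest: bytes, candidates):
    """Hash every candidate and compare with the clear digest.
    Returns the matching plaintext, or None if no candidate matches."""
    for candidate in candidates:
        if hmac.compare_digest(digest_value(candidate), clear_digest):
            return candidate
    return None

def add_nonce(message: bytes, nonce_len: int = 16) -> bytes:
    """Prefix a random nonce so the hashed plaintext is unpredictable."""
    return secrets.token_bytes(nonce_len) + message

def authenticate(key: bytes, clear_digest: bytes) -> bytes:
    """Tag computed over the digest only, never over the ciphertext
    (HMAC stands in here for the signature; an assumption of this example)."""
    return hmac.new(key, clear_digest, hashlib.sha256).digest()

def verify_after_decrypt(key: bytes, tag: bytes, decrypted: bytes) -> bool:
    """Recipient side: re-hash the decrypted plaintext and check the tag."""
    return hmac.compare_digest(tag, authenticate(key, digest_value(decrypted)))

if __name__ == "__main__":
    key = secrets.token_bytes(32)
    bare = b"reject"
    print("no nonce  :", guess_plaintext(digest_value(bare), CANDIDATES))
    nonced = add_nonce(bare)
    print("with nonce:", guess_plaintext(digest_value(nonced), CANDIDATES))
    tag = authenticate(key, digest_value(nonced))
    print("tag valid :", verify_after_decrypt(key, tag, nonced))
```

Because the tag covers only the digest, it does not depend on which key or algorithm produced the ciphertext, so the data can be re-encrypted without recomputing it.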
