W3C home > Mailing lists > Public > xml-encryption@w3.org > February 2002

RE: Encrypting the IV - again. Was: Re: nonce length

From: Hallam-Baker, Phillip <pbaker@verisign.com>
Date: Mon, 4 Feb 2002 07:44:07 -0800
Message-ID: <2F3EC696EAEED311BB2D009027C3F4F409DF650B@vhqpostal.verisign.com>
To: Blair Dillaway <blaird@microsoft.com>, Christian Geuer-Pollmann <geuer-pollmann@nue.et-inf.uni-siegen.de>, "Donald E. Eastlake 3rd" <dee3@torque.pothole.com>, reagle@w3.org
Cc: xml-encryption@w3.org
To put Blair's point more concisely, Encryption protects confidentiality,
any attempt to use encryption alone to protect integrity is doomed to
failure. The same attacks can be performed through manipulation of the
cipher stream.

		Phill

Phillip Hallam-Baker FBCS C.Eng.
Principal Scientist
VeriSign Inc.
pbaker@verisign.com
781 245 6996 x227



Received on Monday, 4 February 2002 10:43:46 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 27 October 2009 08:42:20 GMT