Re: Order of sign and encrypt

Hi Tommy,

This is a confirmation message for closing the decision cycle.

The comments you reported[1] was assigned issue 321-tl.

A new paragraph was added to the specification to remove the

[372a]Implementations supporting encryption of Private Key Data MUST
support Shared Secret. Use of Shared Secret is detailed in section 8.1.

Please reply to this message if you have any objections as to the
way the changes were incorporated.


On Fri, Jul 09, 2004 at 09:33:50AM +0000, tommy lindberg wrote:
> RegisterResult and RecoverResult may both contain signatures over encrypted
> data, however the order of these operations is not explicitly stated in the 
> spec.
> Given the PrivateKey schema fragment, I'm inclined to draw the conclusion 
> that
> only encrypt-then-sign is required.  Is this the intention and if so does 
> this warrant
> a clarifying statement to that effect?
> Speculation:
> I believe the (un-encrypted) RSAKeyPair is deliberatly omitted from 
> PrivateKey so
> as to *allow* implementations to mitigate the risk of disclosure of 
> sensitive stuff
> through, say, the use of special purpose cryptographic hardware that, apart 
> from their
> primary purpose, also can be programmed to extract the private key 
> components from the
> surface syntax of an RSAKeyPair element.  I imagine that this design 
> *could* stand in the way
> of supporting sign-then-encrypt in XKMS  - assuming that 
> generating/verifying an enveloped
> signature is performed over a schema valid document, which is the only way 
> I have explored.
> Regards
> Tommy
> [1]
> _________________________________________________________________
> Tired of spam? Get advanced junk mail protection with MSN 8. 

Received on Wednesday, 13 October 2004 15:52:39 UTC