- From: Ed Simon <ed.simon@entrust.com>
- Date: Mon, 28 Aug 2000 18:21:56 -0400
- To: "'stephen.farrell@baltimore.ie'" <stephen.farrell@baltimore.ie>
- Cc: "'Don Davis'" <dtd@world.std.com>, xml-encryption@w3.org, don@MIT.EDU, "Ralph R. Swick" <swick@w3.org>, reagle@w3.org
I did perhaps make the sample a little too sparse, but I was working on the assumption, which I think is correct, that a number of those looking at this question are not too familiar with XML Signature. However, I will describe with more words what is happening.

    <Signature>
      ...
      <EMail>
        <To>Captain Kirk</To>
        <From>Starfleet Command</From>
        <StarDate>2435CE January 19 11:22:33.44 UCT</StarDate>
        <Subject>Romulan invasion fleet</Subject>
        <Message><Encryption>MIIxyz...</Encryption></Message>
      </EMail>
      ...
    </Signature>

In the sample above, I meant to imply that the entire <EMail> element is signed, so that if you change "<From>Starfleet Command</From>" to "<From>Moon Zero Two</From>", the signature breaks. An email application that intends the sender and signer to be the same will specify the signer's identity in the <From> element.

Now I think you (Stephen) are saying that Moon Zero Two could still take the encrypted <Message> element and create this (with Moon Zero Two's signing key):

    <Signature>
      ...
      <EMail>
        <To>Captain Kirk</To>
        <From>Moon Zero Two</From>
        <StarDate>2435CE January 19 11:22:33.44 UCT</StarDate>
        <Subject>Romulan invasion fleet</Subject>
        <Message><Encryption>MIIxyz...</Encryption></Message>
      </EMail>
      ...
    </Signature>

which would make it look like Moon Zero Two sent the encrypted <Message>. Moon Zero Two doesn't have to know what the plaintext version of the message says in order to apply its signature to the encrypted form. I agree that this is true.

So let's say Starfleet Command doesn't want 3rd parties doing this kind of thing to its <Message>s. It would then need to sign the <Message> element's contents as well before encrypting. I take it this is the "sign/wrap/sign" solution mentioned in Don's email. Moon Zero Two can still try passing off the encrypted message as its own, but a properly designed application will indicate the message came from Starfleet Command and was simply forwarded by Moon Zero Two.
Don then says why he feels "sign/wrap/sign" is unsatisfactory in S/MIME because the sender and target info isn't signed in S/MIME. (Don, am I stating what you said correctly?) However, in the "sign/wrap/sign" solution I'm suggesting, the <To> and <From> elements are signed by the same entity that signed the content of the <Message> element before encrypting it. That way one can keep <KeyInfo> unsigned and still solve the problem. Right?

If, Stephen, you are suggesting there is a potential security flaw in XML Signature because <KeyInfo> is not signed, then we should start including "w3c-ietf-xmldsig@w3.org" on this discussion.

Ed

-----Original Message-----
From: Stephen Farrell [mailto:stephen.farrell@baltimore.ie]
Sent: Monday, August 28, 2000 5:08 PM
To: Ed Simon
Cc: 'Don Davis'; xml-encryption@w3.org; don@MIT.EDU; Ralph R. Swick; reagle@w3.org; xme
Subject: Re: encryption in XML & in SMIME

Ed,

Not enough detail to say (you didn't show where the signature bits are), but assuming they're outside the EMail then...

    <Signature>
      ...
      <EMail>
        <To>Captain Kirk</To>
        <From>Starfleet Command (Dublin)</From>
        <StarDate>2435CE January 19 11:22:33.44 UCT</StarDate>
        <Subject>Romulan invasion fleet</Subject>
        <Message><Encryption>MIIxyz...</Encryption></Message>
      </EMail>
      ...
    </Signature>

still says whatever it says, even if the Dublin starfleet folks have no idea what it says. This is independent of XML (and any other representation); basically you can steal ciphertext if the signature's on the outside.

One way 'round this is to include the keyInfo inside the plaintext and for the recipient to know to compare that to the keyInfo actually used to verify the signature. If they match then the encryptor and signer are the same, otherwise not.

One potential XML advantage would be if the signature bits and keyInfo could be inside the Encryption... maybe someone can figure that transform!

Stephen.
--
____________________________________________________________
Stephen Farrell
Baltimore Technologies,          tel: (direct line) +353 1 647 7406
61 Fitzwilliam Lane,             fax: +353 1 647 7499
Dublin 2.                        mailto:stephen.farrell@baltimore.ie
Ireland                          http://www.baltimore.com
Received on Monday, 28 August 2000 18:27:02 UTC
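The following is an added example, not code from the thread or from the W3C XML Signature or XML Encryption work. It models the receiver-side logic both Ed and Stephen describe: the plaintext carries its own signature and the signer's KeyInfo (Ed's "sign/wrap/sign", Stephen's "keyInfo inside the plaintext"), and the recipient compares the inner signer with the outer signer before attributing the message. All names, the element layout, and the toy primitives are constructed for the example: HMAC-SHA256 stands in for an XML-DSig signature and a SHA-256 counter keystream stands in for XML Encryption, so the code demonstrates the structural check, not a real cipher suite.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Constructed toy key material (not real XML-DSig/XML-Encryption primitives).
SIGNING_KEYS = {
    "Starfleet Command": b"constructed-starfleet-signing-secret",
    "Moon Zero Two": b"constructed-moon-zero-two-signing-secret",
}
RECIPIENT_KEYS = {"Captain Kirk": b"constructed-kirk-decryption-secret"}


def sign(signer: str, data: bytes) -> str:
    """HMAC-SHA256 stands in for a signature keyed to `signer`."""
    return base64.b64encode(hmac.new(SIGNING_KEYS[signer], data, hashlib.sha256).digest()).decode()


def verify(signer, data: bytes, sig) -> bool:
    return signer in SIGNING_KEYS and sig is not None and hmac.compare_digest(sign(signer, data), sig)


def _keystream(secret: bytes, n: int) -> bytes:
    # Toy keystream: fine for a walk-through, not a real cipher (it repeats per recipient).
    return b"".join(hashlib.sha256(secret + i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))[:n]


def encrypt(recipient: str, data: bytes) -> str:
    ks = _keystream(RECIPIENT_KEYS[recipient], len(data))
    return base64.b64encode(bytes(a ^ b for a, b in zip(data, ks))).decode()


def decrypt(recipient: str, b64: str) -> bytes:
    data = base64.b64decode(b64)
    return bytes(a ^ b for a, b in zip(data, _keystream(RECIPIENT_KEYS[recipient], len(data))))


def build_inner(signer: str, body: str) -> bytes:
    """Sign/wrap/sign step 1: sign the plaintext, with the signer's KeyInfo inside the signed region."""
    signed = ET.Element("SignedMessage")
    ET.SubElement(signed, "KeyInfo").text = signer
    ET.SubElement(signed, "Body").text = body
    wrapper = ET.Element("InnerSignature")
    ET.SubElement(wrapper, "SignatureValue").text = sign(signer, ET.tostring(signed))
    wrapper.append(signed)
    return ET.tostring(wrapper)


def build_email(outer_signer: str, to: str, subject: str, ciphertext: str) -> str:
    """Step 3: the outer <Signature> covers the whole <EMail>, i.e. <From> plus the ciphertext."""
    email = ET.Element("EMail")
    ET.SubElement(email, "To").text = to
    ET.SubElement(email, "From").text = outer_signer
    ET.SubElement(email, "Subject").text = subject
    ET.SubElement(ET.SubElement(email, "Message"), "Encryption").text = ciphertext
    sig = ET.Element("Signature")
    ET.SubElement(sig, "SignatureValue").text = sign(outer_signer, ET.tostring(email))
    ET.SubElement(sig, "KeyInfo").text = outer_signer  # outside the signed region, as in XML-DSig
    sig.append(email)
    return ET.tostring(sig).decode()


def ciphertext_of(doc: str) -> str:
    return ET.fromstring(doc).findtext("EMail/Message/Encryption")


def receive(doc: str, recipient: str) -> dict:
    """Recipient check: outer signature binds <From>; inner signature says who wrote the plaintext."""
    root = ET.fromstring(doc)
    email = root.find("EMail")
    outer_signer = root.findtext("KeyInfo")
    if not verify(outer_signer, ET.tostring(email), root.findtext("SignatureValue")):
        return {"status": "reject", "reason": "outer signature invalid"}
    if email.findtext("From") != outer_signer:
        return {"status": "reject", "reason": "<From> does not match outer signer"}
    # The outer signature only proves who signed the ciphertext, not who produced it.
    try:
        inner = ET.fromstring(decrypt(recipient, email.findtext("Message/Encryption")))
    except ET.ParseError:
        return {"status": "reject", "reason": "plaintext is not well-formed"}
    signed = inner.find("SignedMessage")
    if inner.tag != "InnerSignature" or signed is None:
        return {"status": "unbound", "reason": "no inner signature, origin unknown"}
    inner_signer = signed.findtext("KeyInfo")
    if not verify(inner_signer, ET.tostring(signed), inner.findtext("SignatureValue")):
        return {"status": "reject", "reason": "inner signature invalid"}
    body = signed.findtext("Body")
    if inner_signer == outer_signer:
        return {"status": "ok", "origin": inner_signer, "body": body}
    return {"status": "forwarded", "origin": inner_signer, "forwarded_by": outer_signer, "body": body}


def demo() -> dict:
    """Constructed walk-through of the three cases discussed in the thread."""
    inner = build_inner("Starfleet Command", "Rendezvous at Nimbus III")
    genuine = build_email("Starfleet Command", "Captain Kirk", "Romulan invasion fleet",
                          encrypt("Captain Kirk", inner))
    # Same ciphertext re-wrapped under a different outer signature: detected as a forward.
    rewrapped = build_email("Moon Zero Two", "Captain Kirk", "Romulan invasion fleet",
                            ciphertext_of(genuine))
    # Encrypt-only plaintext with no inner signature: the recipient cannot attribute it.
    unsigned = build_email("Moon Zero Two", "Captain Kirk", "Romulan invasion fleet",
                           encrypt("Captain Kirk", b"<Body>Rendezvous at Nimbus III</Body>"))
    return {n: receive(d, "Captain Kirk") for n, d in
            [("genuine", genuine), ("rewrapped", rewrapped), ("unsigned", unsigned)]}
```

The `receive` function returns "ok" only when the inner and outer signers agree; a re-wrapped ciphertext comes back as "forwarded" with the original signer named, which is the behaviour Ed describes for a properly designed application, and a plaintext without any inner signature is reported as "unbound" rather than attributed to the outer signer.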