RE: encryption in XML & in SMIME

> Just had a thought as to how one can get the same
> effect of sign/wrap/sign without actually having
> to sign twice.  ... Rather than signing twice,
> two digests [for plaintext and for ciphertext with
> names, respectively] are covered by one signature.

mr. simon,

   i believe it works.  i can't be sure, because
i'm uncertain about the xml-sig syntax.  but the
idea of signing both digests at once is very nice,
and i wish i had thought of it years ago. in fact,
i suggest that you should publish it.

> if this is an XML Signature security issue, then
> it needs to be discussed on the XML Signature list.

   but this isn't an xml-sig security issue at all;
it's a problem that arises only when xml-encryption
is combined with xml-sig.  since the xml-enc standard
will follow the xml-sig standard, it makes sense to
address the issue in the xml-enc draft.  indeed, the
xml-sig draft _cannot_ discuss how signatures should
interact with encryption, since xml-sig can't refer
to a non-existent xml-enc draft.

				- don davis, boston


Received on Tuesday, 29 August 2000 19:56:56 UTC
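
Added example, not part of the original message or of either correspondent's code: a Python sketch of the quoted idea, in which one signature covers both a digest of the plaintext and a digest of the ciphertext together with names. The toy RSA key, the toy stream cipher, all function names, and the reading of "names" as the sender and recipient names are assumptions made for illustration.

```python
import hashlib

# Toy RSA key from two Mersenne primes (assumption: illustration only, not secure).
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))

def digest(*parts: bytes) -> bytes:
    """SHA-256 over length-prefixed parts, so field boundaries are unambiguous."""
    h = hashlib.sha256()
    for part in parts:
        h.update(len(part).to_bytes(4, "big") + part)
    return h.digest()

def toy_cipher(key: bytes, data: bytes) -> bytes:
    """XOR with a SHA-256 keystream; stands in for the real encryption step."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def signed_value(d_plain: bytes, d_wrapped: bytes) -> int:
    """The single value that is signed: it binds both digests together."""
    return int.from_bytes(digest(d_plain, d_wrapped), "big") % N

def sign_and_wrap(plaintext: bytes, key: bytes, sender: bytes, recipient: bytes) -> dict:
    ct = toy_cipher(key, plaintext)
    d_plain = digest(plaintext)                # digest 1: the plaintext
    d_wrapped = digest(ct, sender, recipient)  # digest 2: ciphertext with names
    sig = pow(signed_value(d_plain, d_wrapped), D, N)  # one signature, not two
    return {"ct": ct, "sender": sender, "recipient": recipient, "sig": sig}

def verify(msg: dict, key: bytes, me: bytes) -> bool:
    """Recipient recomputes both digests, using its own name for the second."""
    plaintext = toy_cipher(key, msg["ct"])
    d_wrapped = digest(msg["ct"], msg["sender"], me)
    return pow(msg["sig"], E, N) == signed_value(digest(plaintext), d_wrapped)

def rewrap(msg: dict, old_key: bytes, new_key: bytes, new_recipient: bytes) -> dict:
    """Constructed test input: the same signature moved onto a re-encrypted copy."""
    plaintext = toy_cipher(old_key, msg["ct"])
    return {**msg, "ct": toy_cipher(new_key, plaintext), "recipient": new_recipient}

if __name__ == "__main__":
    m = sign_and_wrap(b"constructed sample text", b"key-ab", b"alice", b"bob")
    print(verify(m, b"key-ab", b"bob"))                                       # intended recipient
    print(verify(rewrap(m, b"key-ab", b"key-bc", b"carol"), b"key-bc", b"carol"))  # re-wrapped copy
```
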