- From: <hal@finney.org>
- Date: Fri, 1 Dec 2000 13:59:31 -0800
- To: hal@finney.org, priewe@darmstadt.gmd.de, xml-encryption@w3.org
Arne Priewe, priewe@darmstadt.gmd.de, writes:
> hal@finney.org wrote:
> >One approach would be, when signing before encrypting, to always encrypt
> >the signature block along with the data being encrypted.
>
> We support this approach for sign/crypt, because we think that it is a
> kind of attack if a signature
> for encrypted data can be removed without being noticed.
> (See 6.1 of our Req-Doc:
> http://lists.w3.org/Archives/Public/xml-encryption/2000Nov/att-0004/01-enc-requirements_2000-10-31.html)

It's not clear that an encryption transform can provide this. Encryption
is meant to keep data secret, not necessarily to prevent modification
of data. Depending on the chaining mode used, it may be possible to make
various modifications to encrypted data with limited ability to detect it.

Hal Finney
Received on Friday, 1 December 2000 16:58:22 UTC
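
The point about chaining modes, as an added example that is not part of the original message: with a counter-style (XOR keystream) mode, ciphertext can be altered so that it decrypts to a chosen change without any error, while a MAC over the ciphertext makes the same change detectable. The SHA-256 keystream is a constructed stand-in for a block cipher in counter mode, and all names, keys and the sample XML fragment are assumptions made for illustration.

```python
import hashlib
import hmac

def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Constructed stand-in for counter mode: block i = SHA-256(key || nonce || i).
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Encryption only: confidentiality, no integrity. Decryption is the same XOR.
    return xor(data, keystream(key, nonce, len(data)))

decrypt = encrypt

def modify_in_transit(ct: bytes, offset: int, old: bytes, new: bytes) -> bytes:
    # No key needed: XORing (old ^ new) into the ciphertext turns `old` into `new`
    # in the decrypted plaintext, provided the plaintext at `offset` is known.
    delta = xor(old, new)
    end = offset + len(delta)
    return ct[:offset] + xor(ct[offset:end], delta) + ct[end:]

def seal(enc_key: bytes, mac_key: bytes, nonce: bytes, data: bytes):
    # Encrypt-then-MAC: the tag covers the nonce and the ciphertext.
    ct = encrypt(enc_key, nonce, data)
    return ct, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def open_sealed(enc_key: bytes, mac_key: bytes, nonce: bytes, ct: bytes, tag: bytes) -> bytes:
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("ciphertext was modified")
    return decrypt(enc_key, nonce, ct)

if __name__ == "__main__":
    ENC_KEY, MAC_KEY, NONCE = b"constructed-enc-key", b"constructed-mac-key", b"nonce-01"
    doc = b"<Amount>100</Amount>"                       # constructed sample plaintext
    altered = modify_in_transit(encrypt(ENC_KEY, NONCE, doc), 8, b"100", b"900")
    print(decrypt(ENC_KEY, NONCE, altered))             # decrypts cleanly to altered data
    ct, tag = seal(ENC_KEY, MAC_KEY, NONCE, doc)
    try:
        open_sealed(ENC_KEY, MAC_KEY, NONCE, modify_in_transit(ct, 8, b"100", b"900"), tag)
    except ValueError as err:
        print("rejected:", err)
```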