- From: Don Davis <dtd@world.std.com>
- Date: Thu, 21 Sep 2000 22:28:35 -0500
- To: Ed Simon <ed.simon@entrust.com>
- Cc: xml-encryption@w3.org
ed simon wrote: >>> To avoid the second signing, one could (as you suggest) include >>> the <From> element as input to the digest of the message to be >>> encrypted. This could be done using XML Signature's Transform >>> facility. i wrote: >> i'm disappointed that the double-hash signature >> doesn't work. it seemed to be a good alternative >> solution, for applications that don't want to put >> names inside the message-body. ed simon replied: > The double hash solution (with the Transform fix) is > quite feasible for our XML e-mail with XML Signature > scenario. (Transforms are an integral part of XML > Signatures). Note: that the Transform does not force > the sender name to be part of the message, it just makes > the digest be calculated over both the sender's identity > and the pre-encrypted message. hi, ed -- if you apply a Transform that incorporates the sender's identity into the ciphertext, then you don't need the double-hash. the Transform fixes the "unauthenticated encryptor" problem handily, and the double-hash adds no security at all. as long as the sender's identity contributes to the ciphertext, it's sufficient to just sign the ciphertext, without signing the plaintext, too. - don davis, boston -
Received on Thursday, 21 September 2000 22:31:22 UTC