- From: Joseph Reagle <reagle@w3.org>
- Date: Thu, 6 Dec 2001 12:10:56 -0500
- To: Eastlake III Donald-LDE008 <Donald.Eastlake@motorola.com>, "'xml-encryption@w3.org'" <xml-encryption@w3.org>
- Cc: Eastlake III Donald-LDE008 <Donald.Eastlake@motorola.com>
On Wednesday 05 December 2001 16:39, Eastlake III Donald-LDE008 wrote:
> Some encryption algorithms take an initialization vector (IV) such that
> an adversary modifying the IV can make a known change in the plain text
> after decryption. This attack can be avoided by securing the integrity of
> the plain text data, for example by signing it, or, for most such
> algorithms, by including an algorithm dependent length. A nonce at least
> as long as the block for CBC chaining block encryption algorithms may be
> adequate.

I'm afraid this paragraph might confuse folks into thinking that their IVs
for a given algorithm belong in this nonce attribute. Perhaps we could
mention the IV as an aside with a future reference to somewhere in section
5?

Also, I'm presuming that the spaces in <Nonce> Zm9v </Nonce> in 5.5 aren't
intentional; I've deleted them.

--
Joseph Reagle Jr.                 http://www.w3.org/People/Reagle/
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/Signature/
W3C XML Encryption Chair          http://www.w3.org/Encryption/2001/
Received on Thursday, 6 December 2001 12:10:58 UTC