Re: Replacement for Nonce paragraph in section 3.2

From: Joseph Reagle <reagle@w3.org>
Date: Thu, 6 Dec 2001 12:10:56 -0500
To: Eastlake III Donald-LDE008 <Donald.Eastlake@motorola.com>, "'xml-encryption@w3.org'" <xml-encryption@w3.org>
Cc: Eastlake III Donald-LDE008 <Donald.Eastlake@motorola.com>
Message-Id: <20011206171056.EE7C4827@policy.w3.org>

On Wednesday 05 December 2001 16:39, Eastlake III Donald-LDE008 wrote:
> Some encryption algorithms take an initialization vector (IV) such that
> an adversary modifying the IV can make a known change in the plain text
> after decryption. This attack can be avoided by securing the integrity of
> the plain text data, for example by signing it, or, for most such
> algorithms, by including an algorithm dependent length. A nonce at least
> as long as the block for CBC chaining block encryption algorithms may be
> adequate.

I'm afraid this paragraph might confuse folks into thinking that their IVs 
for a given algorithm belong in this nonce attribute. Perhaps we could 
mention the IV as an aside with a future reference to somewhere in section 

Also, I'm presuming that the spaces in <Nonce> Zm9v </Nonce> in 5.5 aren't
intentional; I've deleted them.


Joseph Reagle Jr.                 http://www.w3.org/People/Reagle/
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/Signature/
W3C XML Encryption Chair          http://www.w3.org/Encryption/2001/
Received on Thursday, 6 December 2001 12:10:58 UTC