W3C home > Mailing lists > Public > xml-encryption@w3.org > February 2001

Re: Signing and Encryption

From: Takeshi Imamura <IMAMU@jp.ibm.com>
Date: Thu, 1 Feb 2001 23:02:25 +0900
To: "Joseph M. Reagle Jr." <reagle@w3.org>
Cc: "Joseph Ashwood" <jashwood@arcot.com>, <xml-encryption@w3.org>, hal@finney.org
Message-ID: <OF48478EBD.2281FD2A-ON492569E6.004BD4F0@LocalDomain>

Hi Joseph,

>2. Does it leave signature data available to aid plain text
>guessing attacks?
>You've encrypted the SignatureValue (enc3) to help prevent
>an attack on (enc2), however, it's the DigestValue that
>has the information that will be useful to you in attacking
>(enc2), right?

Yes.  This is just my mistake.

>3. What does this offer over the simple rule of when you
>encrypt an element, encrypt any Signature's over that
>It improves on the two problems discussed in?

I have no solution of the problems now, except leaving them to applications

Tokyo Research Laboratory
IBM Research
Received on Thursday, 1 February 2001 10:03:39 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 23:13:02 UTC