- From: Takeshi Imamura <IMAMU@jp.ibm.com>
- Date: Thu, 1 Feb 2001 23:02:25 +0900
- To: "Joseph M. Reagle Jr." <reagle@w3.org>
- Cc: "Joseph Ashwood" <jashwood@arcot.com>, <xml-encryption@w3.org>, hal@finney.org
Hi Joseph, >2. Does it leave signature data available to aid plain text >guessing attacks? > >You've encrypted the SignatureValue (enc3) to help prevent >an attack on (enc2), however, it's the DigestValue that >has the information that will be useful to you in attacking >(enc2), right? Yes. This is just my mistake. >3. What does this offer over the simple rule of when you >encrypt an element, encrypt any Signature's over that >element? > >It improves on the two problems discussed in? >http://lists.w3.org/Archives/Public/xml-encryption/2000Nov/0081.html I have no solution of the problems now, except leaving them to applications ... Thanks, Takeshi IMAMURA Tokyo Research Laboratory IBM Research imamu@jp.ibm.com
Received on Thursday, 1 February 2001 10:03:39 UTC