
Re: Signing and Encryption

From: Joseph M. Reagle Jr. <reagle@w3.org>
Date: Thu, 01 Feb 2001 14:18:05 -0500
To: hal@finney.org
Cc: IMAMU@jp.ibm.com, kotok@w3.org, xml-encryption@w3.org

At 10:52 2/1/2001 -0800, hal@finney.org wrote:
>You can't search over the messages yielding the ciphertext!  This is very
>important and often forgotten.  Knowing the plaintext will NOT tell you
>the ciphertext unless you also know the KEY!

ah... <click/>  ;)

So in Takeshi's proposal of not signing the whole Signature, but only those 
bits absolutely necessary, what *must* be encrypted in a Signature when the 
content it signs is also encrypted: the Reference Digests (hashes over 
content being signed: yes), the SignatureValue (hash+key over SignedInfo: 
?), or both?

Joseph Reagle Jr.                 http://www.w3.org/People/Reagle/
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/Signature
W3C XML Encryption Chair          http://www.w3.org/Encryption/2001/
Received on Thursday, 1 February 2001 14:18:20 UTC
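
The distinction the message turns on, as an added example that is not part of the original post: an unkeyed Reference digest left in the clear can be recomputed over a guessed plaintext, while a value that depends on a key cannot be recomputed by someone who lacks that key. The sample content, the candidate list and the function names are constructed for illustration, and HMAC-SHA1 is an assumed stand-in for any keyed transformation.

```python
import base64
import hashlib
import hmac
import os
from typing import Callable, Iterable, Optional


def digest_value(content: bytes) -> str:
    """Unkeyed SHA-1 digest, base64-encoded, the form a DigestValue carries."""
    return base64.b64encode(hashlib.sha1(content).digest()).decode("ascii")


def keyed_value(key: bytes, content: bytes) -> str:
    """Keyed stand-in (HMAC-SHA1): its output depends on a secret key."""
    mac = hmac.new(key, content, hashlib.sha1).digest()
    return base64.b64encode(mac).decode("ascii")


def confirm_guess(observed: str,
                  candidates: Iterable[bytes],
                  compute: Callable[[bytes], str]) -> Optional[bytes]:
    """Return the candidate whose recomputed value equals the observed one."""
    for candidate in candidates:
        if hmac.compare_digest(compute(candidate), observed):
            return candidate
    return None


# Constructed sample: a low-entropy element that is encrypted in the document.
SECRET_CONTENT = b"<Vote>yes</Vote>"
# Constructed list of plausible plaintexts a reader of the document could try.
CANDIDATES = [b"<Vote>no</Vote>", b"<Vote>abstain</Vote>", b"<Vote>yes</Vote>"]


def demo():
    """Return (result against the clear digest, result against the keyed value)."""
    real_key = os.urandom(20)          # held only by the communicating parties
    clear_digest = digest_value(SECRET_CONTENT)
    protected = keyed_value(real_key, SECRET_CONTENT)

    # Unkeyed digest: recomputing it over each candidate confirms the plaintext.
    from_digest = confirm_guess(clear_digest, CANDIDATES, digest_value)

    # Keyed value: without real_key the reader can only try some other key.
    other_key = os.urandom(20)
    from_keyed = confirm_guess(protected, CANDIDATES,
                               lambda c: keyed_value(other_key, c))
    return from_digest, from_keyed


if __name__ == "__main__":
    print(demo())
```
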
