Re: Note on decryption transform from Joseph M. Reagle Jr. on 2001-02-26 (xml-encryption@w3.org from February 2001)

From: Joseph M. Reagle Jr. <reagle@w3.org>
Date: Mon, 26 Feb 2001 17:39:09 -0500
To: Takeshi Imamura <imamu@jp.ibm.com>, Hiroshi Maruyama <maruyama@jp.ibm.com>
Cc: xml-encryption@w3.org
Message-Id: <4.3.2.7.2.20010226172619.020664e8@rpcp.mit.edu>

At 14:27 2/26/2001 +0900, Takeshi Imamura wrote:
>We post a note on the "decryption transform" described in [1].  Hiroshi
>Maruyama plans to talk about this note at the upcoming meeting.  We look
>forward to comments and discussions at the meeting and on this mailing
>list.

Takeshi and Hiroshi,

Thank you for the very well specified proposal!

In section 5 you write:

>5 Security Considerations
>It should be noted that in XML Signature [XML-Signature], the digest value 
>of a signed resource appears in clear text in a Reference element, even 
>though the resource itself is encrypted after signing. As noted by Hal 
>Finney in [Finney], this may become vulnerability by plain-text-guessing 
>attacks. Applications should implement appropriate means to protect from 
>these attacks.

We discussed the options of encrypting the Signature, SignedInfo, or just 
the DigestValues. By "appropriate means" do you mean to state that in some 
cases there "may" not be a vulnerability, that concern over this 
vulnerability is completely within the applications domain, and/or we should 
leave which bits of the Signature are encrypted up to the application as well?

Also, we should still identify the problem that this may be difficult in the 
following two situations: (a) where the signature and encryption are 
detached and not very well known by each other and (b) "Alice Encrypts 
element A and the Signature over the parent of A. Bob encrypts element B 
(sibling of A) but *not* the Signature since he doesn't know about it. Alice 
then decrypts A and it's Signature, providing information to a subsequent 
plain text attack." [1] Right?

[1] http://lists.w3.org/Archives/Public/xml-encryption/2001Jan/0100.html

__
Joseph Reagle Jr.                 http://www.w3.org/People/Reagle/
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/Signature
W3C XML Encryption Chair          http://www.w3.org/Encryption/2001/

Received on Monday, 26 February 2001 17:39:22 UTC