- From: Philip Hallam-Baker <pbaker@verisign.com>
- Date: Tue, 23 Jan 2001 09:01:05 -0800
- To: "'Yongge Wang'" <ywang@certicom.com>, xml-encryption@w3.org
I think the attack was probably brought up in the RSA meetings on PKCS. The real problem with sign after encrypt was the scope of the signature, which failed to include the key data, since fixed. There is no intrinsic problem with the order of the processes, it is simply a matter of doing the job right instead of wrong. Note that encrypt after sign still requires the signature blob to be encrypted to do the job properly. Maybe what this is pointing to is that the model of separating signing and encryption might not be as neat as people thought... We may need an element <crypto> as container for all the signature and encryption data. Phill
Received on Tuesday, 23 January 2001 12:01:29 UTC