- From: meadowsj <meadowsj@nobs.ca.boeing.com>
- Date: Mon, 29 Jan 2001 15:39:12 -0500 (EST)
- To: xml-encryption@w3.org, jashwood@arcot.com
- Cc: IMAMU@jp.ibm.com
If signing a document is akin to making an assertion about a document, I could perceive some value in keeping certain assertions made about a document private from third parties. I'm hard pressed to think of an example where storing those assertions with the document would be an absolute necessity however, so perhaps it's a non-issue. Cheers, Joe Meadows >Additionally there is should be no case where someone wants to encrypt the >signature, without encrypting the data that is signed. The signature only >asserts the validity of the information, if a portion of the data is >encrypted the underlying hash of the signature can be attacked (albeit with >very low probability of success). The result is that (from the attackers >perspective) it is far more important to know the data (any part of the >data) than to know the signature. > Joe >
Received on Monday, 29 January 2001 16:38:43 UTC