- From: Joe Meadows <joe.meadows@boeing.com>
- Date: Tue, 03 Jul 2001 14:35:34 -0700
- To: "Joseph M. Reagle Jr." <reagle@w3.org>
- CC: John Cowan <cowan@mercury.ccil.org>, John Cowan <jcowan@reutershealth.com>, imamu@jp.ibm.com, maruyama@jp.ibm.com, xml-encryption@w3.org

At 22:17 7/2/2001, John Cowan wrote:
>I am arguing that the whole verify-decrypt-verify scenario is bad practice:
>it comes about only if people sign encrypted material, *which they should
>never do*. We may need it nonetheless to compensate for pre-existing
>bad practice.

I'd also disagree with this. I can imagine encrypting a document, sending it to a second party, having them sign the encrypted document, and pass it on to a third party. Seems like there were some sensible non-repudiation schemes built on this sort of logic in the past (the intermediate party doesn't know what I sent, but given appropriate plain text or keys, can verify later if a contract dispute comes up).

I realize I'm being light on details - blame it on really sunny weather in the Pacific Northwest [it's oh so unusual!]..

Cheers,
Joe

Received on Tuesday, 3 July 2001 17:35:50 UTC