- From: Joseph M. Reagle Jr. <reagle@w3.org>
- Date: Fri, 06 Jul 2001 16:25:17 -0400
- To: "Plambeck, Thane" <tplambeck@verisign.com>
- Cc: "XML Encryption WG " <xml-encryption@w3.org>
At 13:24 6/27/2001, Plambeck, Thane wrote:
>I'll bite on rewording the first part of that ...

Hi Thane, I wasn't sure if you were proposing a whole replacement for that text, but I've now included a merge of the two:

http://www.w3.org/Encryption/2001/Drafts/xmlenc-core/#sec-SurreptiousForwarding
$Revision: 1.25 $ on $Date: 2001/07/06 20:23:46 $

6.3 Surreptitious Forwarding

The recipient of a signed-then-encrypted message must not infer that their status as a recipient, which was not signed, was also secured because both items exist in a "confidentially" encrypted envelope. For example, Alice signs the content of a message, then encrypts it with the intent that only Bob see it. Bob (wanting to embarrass Alice) might re-encrypt the signed message in Charlie's key and send it to him; Charlie might now think that Alice sent him this message since it has her signature! Charlie confuses the authenticity resulting from signing the recipient (which Alice failed to do) with the confidentiality that can be provided by encryption (which Bob "violated" by re-transmitting the message). To prevent surreptitious forwarding, applications should include the original recipient inside the information that is signed.

--
Joseph Reagle Jr. http://www.w3.org/People/Reagle/
W3C Policy Analyst mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair http://www.w3.org/Signature
W3C XML Encryption Chair http://www.w3.org/Encryption/2001/
Received on Friday, 6 July 2001 16:26:12 UTC
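
The recipient check that the section 6.3 text above calls for, as an added example that is not part of the original message or of the W3C draft. Assumptions: a toy RSA signature with a constructed key stands in for Alice's real signature, the signed fields are serialized as JSON with a hypothetical "to" field, and the encryption layer is left out because the legitimate recipient can always remove and reapply it.

```python
import hashlib
import json

# Toy RSA signature for illustration only: constructed key, no padding, not secure.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537       # two Mersenne primes
N = P * Q                                     # Alice's public modulus
D = pow(E, -1, (P - 1) * (Q - 1))             # Alice's private exponent


def _digest(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


def alice_sign(fields: dict) -> dict:
    """Alice signs exactly the fields she is given, in a canonical serialization."""
    signed = json.dumps(fields, sort_keys=True)
    return {"signed": signed, "sig": pow(_digest(signed.encode()), D, N)}


def accept(msg: dict, me: str) -> str:
    """What a recipient concludes after decrypting an envelope addressed to `me`."""
    if pow(msg["sig"], E, N) != _digest(msg["signed"].encode()):
        return "reject: bad signature"
    fields = json.loads(msg["signed"])
    # The outer encryption says nothing about who Alice wrote to; only a
    # recipient named inside the signed data does.
    if "to" not in fields:
        return "accept: signer verified, intended recipient UNKNOWN"
    if fields["to"] != me:
        return "reject: signed for " + fields["to"]
    return "accept: signed by Alice for " + me


# Constructed sample messages (hypothetical content).
UNBOUND = alice_sign({"body": "The deal is off"})             # recipient not signed
BOUND = alice_sign({"body": "The deal is off", "to": "bob"})  # recipient signed

if __name__ == "__main__":
    print(accept(UNBOUND, "charlie"))  # verifies for anyone it is forwarded to
    print(accept(BOUND, "bob"))
    print(accept(BOUND, "charlie"))    # forwarded copy is refused
```

The unbound message verifies no matter whose key the envelope was re-encrypted in, which is why the recipient has to read the addressee from the signed data and not from the envelope.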