Re: Fwd: Surreptitious Forwarding

Don,

Thanks for the clarification.

At 23:14 7/26/2001, Don Davis wrote:
>for Xml-Enc, I'd suggest:
>
>    "Also, recipients of encrypted messages must remember
>     that encryption itself does not imply anything about
>     the integrity or authenticity of the ciphertext."

Now reads:
>Also, recipients of encrypted messages must remember that encryption itself 
>does not necessarily imply anything about the integrity or authenticity of 
>the ciphertext or its plaintext, see [XMLDSIG, 8.1.1 Only What is Signed is 
>Secure].

- We might as well be clear that this pertains to the cipher and plain text.
- I added 'necessarily' to address Steve's point that use of a shared 
symmetric key for encryption can act as an authenticator.


>for XML-Sig, I'd suggest:
>
>    "Second, a ciphertext envelope containing signed
>     information is not secured by the signature.
>     For instance, when an encrypted envelope contains
>     a signature, the signature does not protect the
>     authenticity or integrity of the ciphertext, even
>     though the signature does protect the integrity
>     of the plaintext."

Now reads:
>Second, an envelope containing signed information is not secured by the 
>signature. For instance, when an encrypted envelope contains a signature, 
>the signature does not protect the authenticity or integrity of unsigned 
>envelope headers nor its ciphertext form, it only secures the plaintext 
>actually signed.

- Again, since my confusion on your point is still a valid warning, might as 
well retain both.
- Again, since we're warning folks, doesn't hurt to extend the warning to 
any sort of 'envelope' (e.g., a base64 encoding).




--
Joseph Reagle Jr.                 http://www.w3.org/People/Reagle/
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/Signature
W3C XML Encryption Chair          http://www.w3.org/Encryption/2001/

Received on Friday, 27 July 2001 13:51:56 UTC
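
Added example (not part of the original message or of either specification): a sketch of the warning above, showing that a signature carried inside an encrypted envelope still verifies after the envelope is re-wrapped for someone else, and that a recipient check succeeds only when the recipient name is inside the signed plaintext. The toy RSA key, the XOR stand-in for encryption, the names bob and charlie, and the "to:" prefix convention are all constructed assumptions and are not secure.

```python
import hashlib

# Toy RSA signing key for the sender (constructed from two Mersenne primes, NOT secure).
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))

def digest(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def sign(data: bytes) -> int:
    return pow(digest(data), D, N)

def verify(data: bytes, sig: int) -> bool:
    return pow(sig, E, N) == digest(data)

def xor_stream(key: bytes, data: bytes) -> bytes:
    # Toy cipher standing in for encryption to a recipient; it is its own inverse.
    stream = b"".join(hashlib.sha256(key + bytes([i])).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

KEYS = {"bob": b"bob-key", "charlie": b"charlie-key"}  # constructed recipient keys

def seal(to: str, signed: bytes, sig: int) -> dict:
    # The "to" header and the ciphertext lie outside what the signature covers.
    body = sig.to_bytes(32, "big") + signed
    return {"to": to, "ct": xor_stream(KEYS[to], body)}

def open_envelope(me: str, env: dict):
    body = xor_stream(KEYS[me], env["ct"])
    return body[32:], int.from_bytes(body[:32], "big")

def accept_naive(me: str, env: dict) -> bool:
    signed, sig = open_envelope(me, env)
    return verify(signed, sig)

def accept_bound(me: str, env: dict) -> bool:
    # Only what is signed is secure, so the recipient name must be in the signed bytes.
    signed, sig = open_envelope(me, env)
    return verify(signed, sig) and signed.startswith(b"to:" + me.encode() + b"\n")

def demo():
    msg = b"I accept your offer."
    env = seal("bob", msg, sign(msg))
    fwd = seal("charlie", *open_envelope("bob", env))      # re-wrapped, signature untouched
    bound = b"to:bob\n" + msg
    env2 = seal("bob", bound, sign(bound))
    fwd2 = seal("charlie", *open_envelope("bob", env2))
    return accept_naive("charlie", fwd), accept_bound("charlie", fwd2), accept_bound("bob", env2)
```

demo() returns three booleans: whether the re-wrapped envelope passes the naive check, whether it passes the recipient-bound check, and whether the original recipient's envelope passes the bound check.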