RE: Fwd: Surreptitious Forwarding

Hi Don, 

Comments below.

> -----Original Message-----
> From: Don Davis []
> Sent: Monday, July 30, 2001 10:55 AM
> To: Joseph M. Reagle Jr.
> Cc: XML Encryption WG ;
> Subject: Re: Fwd: Surreptitious Forwarding
> > - We might as well be clear that this pertains to the cipher
> >   and plain text.
> > - Again, since my confusion on your point is still a valid
> >   warning, might as well retain both.
> > - Again, since we're warning folks, doesn't hurt to extend the
> >   warning to any sort of 'envelope' (e.g., a base64 encoding).
> hi, joseph --
>    i'm sorry, but i don't agree that we "might as well"
> conflate the issue i've raised with these axioms of
> public-key messaging:
>     * encryption of plaintext doesn't authenticate the
>       origion of the plaintext;
>     * unsigned message-headers aren't secured;
>     * unsigned & unencrypted envelopes aren't secured.
> my point is not axiomatic. though anyone who understands
> the technology can easily derive my point from the axioms,
> my point isn't as obvious to a nonspecialist.  thus, by
> folding the axioms' restatements into my warning, we
> would accidentally ensure that my point remains obscure
> and unavailable to a nonspecialist. since my point is
> about clearly addressing a cryptographic nuance, it does
> hurt clarity to mix other issues into the presentation
> of my point.
>    because my paper addresses only signed-&-encrypted
> messages and this usability issue that they raise, i
> now believe that both XML-Enc and XML-Sig should carry
> the same warning text:
>       "When an encrypted envelope contains a signature,
>        the signature does not protect the authenticity
>        or integrity of the ciphertext, even though the
>        signature does protect the integrity of the plaintext.
>        Accordingly, most applications should take care
>        to prevent the unauthorized replacement of the
>        encrypted envelope."
> 					- don davis, boston

I don't think that it's necessary for these statements to have to reflect
exactly what your paper stated, but reflect the broader issues in general
that are appropriate to each.  Thus, while I think that your above text is
appropriate for XML-Enc, it is too specific for XML-Sig. I think that
Joseph's original text for XML-Sig that indicated the general issue with a
signature-only is fine, with a pointed example to encrypted text. Otherwise,
if someone were to just implement XML-Sig, they might ignore the above text
in case they aren't performing encryption.



Received on Monday, 30 July 2001 10:16:05 UTC