- From: Mike Just <Mike.Just@entrust.com>
- Date: Mon, 30 Jul 2001 10:15:34 -0400
- To: "'Don Davis'" <dtd@world.std.com>, "Joseph M. Reagle Jr." <reagle@w3.org>
- Cc: XML Encryption WG <xml-encryption@w3.org>, SMathews@conclusive.com
- Message-ID: <9A4F653B0A375841AC75A8D17712B9C980F329@sottmxs04.entrust.com>
Hi Don,

Comments below.

> -----Original Message-----
> From: Don Davis [mailto:dtd@world.std.com]
> Sent: Monday, July 30, 2001 10:55 AM
> To: Joseph M. Reagle Jr.
> Cc: XML Encryption WG ; SMathews@conclusive.com
> Subject: Re: Fwd: Surreptitious Forwarding
>
>
> > - We might as well be clear that this pertains to the cipher
> > and plain text.
> > - Again, since my confusion on your point is still a valid
> > warning, might as well retain both.
> > - Again, since we're warning folks, doesn't hurt to extend the
> > warning to any sort of 'envelope' (e.g., a base64 encoding).
>
> hi, joseph --
>
> i'm sorry, but i don't agree that we "might as well"
> conflate the issue i've raised with these axioms of
> public-key messaging:
>
> * encryption of plaintext doesn't authenticate the
> origin of the plaintext;
> * unsigned message-headers aren't secured;
> * unsigned & unencrypted envelopes aren't secured.
>
> my point is not axiomatic. though anyone who understands
> the technology can easily derive my point from the axioms,
> my point isn't as obvious to a nonspecialist. thus, by
> folding the axioms' restatements into my warning, we
> would accidentally ensure that my point remains obscure
> and unavailable to a nonspecialist. since my point is
> about clearly addressing a cryptographic nuance, it does
> hurt clarity to mix other issues into the presentation
> of my point.
>
> because my paper addresses only signed-&-encrypted
> messages and this usability issue that they raise, i
> now believe that both XML-Enc and XML-Sig should carry
> the same warning text:
>
> "When an encrypted envelope contains a signature,
> the signature does not protect the authenticity
> or integrity of the ciphertext, even though the
> signature does protect the integrity of the plaintext.
> Accordingly, most applications should take care
> to prevent the unauthorized replacement of the
> encrypted envelope."
>
> - don davis, boston
>

I don't think that it's necessary for these statements to have to reflect exactly what your paper stated, but reflect the broader issues in general that are appropriate to each. Thus, while I think that your above text is appropriate for XML-Enc, it is too specific for XML-Sig. I think that Joseph's original text for XML-Sig that indicated the general issue with a signature-only is fine, with a pointed example to encrypted text. Otherwise, if someone were to just implement XML-Sig, they might ignore the above text in case they aren't performing encryption.

Cheers,
Mike
Received on Monday, 30 July 2001 10:16:05 UTC
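The warning text quoted in this thread (a signature inside an encrypted envelope protects the plaintext but says nothing about the ciphertext, so the envelope can be replaced) is the "surreptitious forwarding" case from Don Davis's paper. The following is an added toy model of that case, not code from the thread, the paper, or the XML Encryption or XML Signature specifications. It uses standard-library stand-ins so that it runs offline: HMAC-SHA256 plays the role of Alice's public-key signature (verifiers hold the same key here, whereas with RSA or ECDSA they would hold her public key), and a SHA-256 counter-mode keystream with one shared key per sender/recipient pair plays the role of encryption to a recipient's public key. Both stand-ins, the key names, the message text and the `to:` header convention are assumptions for illustration, and the keystream is not a real cipher. The second pair of functions shows one mitigation the paper discusses: naming the intended recipient inside the signed data so that a forwarded envelope fails verification at anyone else.

```python
"""Toy model of sign-then-encrypt and surreptitious forwarding.

Stand-ins (assumptions, standard library only; not for production):
  * HMAC-SHA256 stands in for a public-key signature.
  * A SHA-256 counter keystream stands in for encryption to a recipient;
    one shared key per (sender, recipient) pair plays the recipient's
    public key.
"""
import hashlib
import hmac
import json
import os


def sign(sig_key: bytes, data: bytes) -> bytes:
    return hmac.new(sig_key, data, hashlib.sha256).digest()


def verify(sig_key: bytes, data: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign(sig_key, data), sig)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def encrypt(enc_key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    ks = _keystream(enc_key, nonce, len(plaintext))
    return nonce + bytes(p ^ k for p, k in zip(plaintext, ks))


def decrypt(enc_key: bytes, envelope: bytes) -> bytes:
    nonce, body = envelope[:16], envelope[16:]
    ks = _keystream(enc_key, nonce, len(body))
    return bytes(c ^ k for c, k in zip(body, ks))


# Plain sign-then-encrypt: the signature covers only the plaintext.
def sign_then_encrypt(sig_key: bytes, enc_key: bytes, msg: bytes) -> bytes:
    inner = {"msg": msg.decode(), "sig": sign(sig_key, msg).hex()}
    return encrypt(enc_key, json.dumps(inner).encode())


def open_envelope(sig_key: bytes, enc_key: bytes, envelope: bytes) -> bytes:
    inner = json.loads(decrypt(enc_key, envelope))
    msg, sig = inner["msg"].encode(), bytes.fromhex(inner["sig"])
    if not verify(sig_key, msg, sig):
        raise ValueError("bad signature")
    return msg


def surreptitious_forward(enc_key_in: bytes, enc_key_out: bytes, envelope: bytes) -> bytes:
    # The first recipient swaps the encrypted envelope for one addressed to
    # someone else. The signed plaintext is untouched, so it still verifies.
    return encrypt(enc_key_out, decrypt(enc_key_in, envelope))


# Mitigation: name the intended recipient inside the signed data.
def sign_then_encrypt_bound(sig_key: bytes, enc_key: bytes, recipient: bytes, msg: bytes) -> bytes:
    signed = b"to:" + recipient + b"\n" + msg
    inner = {"signed": signed.decode(), "sig": sign(sig_key, signed).hex()}
    return encrypt(enc_key, json.dumps(inner).encode())


def open_envelope_bound(sig_key: bytes, enc_key: bytes, me: bytes, envelope: bytes) -> bytes:
    inner = json.loads(decrypt(enc_key, envelope))
    signed, sig = inner["signed"].encode(), bytes.fromhex(inner["sig"])
    if not verify(sig_key, signed, sig):
        raise ValueError("bad signature")
    header, msg = signed.split(b"\n", 1)
    if header != b"to:" + me:
        raise ValueError("signed message was addressed to someone else")
    return msg


def demo() -> tuple:
    """Returns (forwarded message accepted?, bound message rejected?)."""
    alice_sig_key = os.urandom(32)   # assumed: Alice's signing key
    alice_to_bob = os.urandom(32)    # assumed: stands in for Bob's public key
    bob_to_charlie = os.urandom(32)  # assumed: stands in for Charlie's public key
    msg = b"Bob, the merger is approved."  # constructed sample message

    env = sign_then_encrypt(alice_sig_key, alice_to_bob, msg)
    fwd = surreptitious_forward(alice_to_bob, bob_to_charlie, env)
    # Charlie sees a genuine Alice signature on a message she never sent him.
    forwarded_accepted = open_envelope(alice_sig_key, bob_to_charlie, fwd) == msg

    env2 = sign_then_encrypt_bound(alice_sig_key, alice_to_bob, b"bob", msg)
    fwd2 = surreptitious_forward(alice_to_bob, bob_to_charlie, env2)
    try:
        open_envelope_bound(alice_sig_key, bob_to_charlie, b"charlie", fwd2)
        bound_rejected = False
    except ValueError:
        bound_rejected = True
    return forwarded_accepted, bound_rejected


if __name__ == "__main__":
    print(demo())
```

`demo()` returns `(True, True)`: the plain envelope is accepted by Charlie after Bob re-encrypts it, while the recipient-bound envelope is rejected. Encrypt-then-sign, or signing the ciphertext as well as the plaintext, is the other way to close the gap; the check that matters is that whatever the verifier relies on is bound either to the recipient or to the specific ciphertext that delivered it.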