W3C home > Mailing lists > Public > xml-encryption@w3.org > June 2001

Requirement to Warn of Surreptitious Forwarding

From: Joseph M. Reagle Jr. <reagle@w3.org>
Date: Mon, 25 Jun 2001 13:51:50 -0400
Message-Id: <>
To: "XML Encryption WG " <xml-encryption@w3.org>
Don Davis has recently presented a paper on "surreptiouis forwarding", as 
discussed on the list last year, and I think it deserves a few sentences in 
the requirements/spec. Consequently, I propose the following for the 
requirements (and a variant for the spec). Suggestions/tweaks are welcome.

5.3.3: The specification must warn users of "surreptitious forwarding" 
[Davis] whereby the recipient of a signed-then-encrypted message incorrectly 
infers that their status as a recipient, which was not signed, was also 
secured because both items exist in an "confidentially" encrypted envelope. 
For example, Alice signs the content of a message, then encrypts it with the 
intent that only Bob see it. Bob (wanting to embarrass Alice) might 
re-encrypt the signed message in Charlie's key and send it to him; Charlie 
might now think that Alice sent him this message since it has her signature! 
Charlie confuses the authenticity resulting from signing the recipient 
(which Alice failed to do) with the confidentially that *can be* provided by 
encryption (which Bob violated by re-transmitting the message).

[Davis] Davis. Defective Sign & Encrypt in S/MIME, PKCS#7, MOSS, PEM,
PGP, and XML. Usenix 2001.

Joseph Reagle Jr.                 http://www.w3.org/People/Reagle/
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/Signature
W3C XML Encryption Chair          http://www.w3.org/Encryption/2001/
Received on Monday, 25 June 2001 13:51:51 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 23:13:03 UTC