- From: Joseph M. Reagle Jr. <reagle@w3.org>
- Date: Mon, 25 Jun 2001 13:51:50 -0400
- To: "XML Encryption WG " <xml-encryption@w3.org>
Don Davis has recently presented a paper on "surreptitious forwarding", as discussed on the list last year, and I think it deserves a few sentences in the requirements/spec. Consequently, I propose the following for the requirements (and a variant for the spec). Suggestions/tweaks are welcome.

5.3.3: The specification must warn users of "surreptitious forwarding" [Davis] whereby the recipient of a signed-then-encrypted message incorrectly infers that their status as a recipient, which was not signed, was also secured because both items exist in a "confidentially" encrypted envelope. For example, Alice signs the content of a message, then encrypts it with the intent that only Bob see it. Bob (wanting to embarrass Alice) might re-encrypt the signed message in Charlie's key and send it to him; Charlie might now think that Alice sent him this message since it has her signature! Charlie confuses the authenticity resulting from signing the recipient (which Alice failed to do) with the confidentiality that *can be* provided by encryption (which Bob violated by re-transmitting the message).

[Davis] Davis. Defective Sign & Encrypt in S/MIME, PKCS#7, MOSS, PEM, PGP, and XML. Usenix 2001. http://world.std.com/~dtd/sign_encrypt/sign_encrypt7.html

--
Joseph Reagle Jr. http://www.w3.org/People/Reagle/
W3C Policy Analyst mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair http://www.w3.org/Signature
W3C XML Encryption Chair http://www.w3.org/Encryption/2001/
Received on Monday, 25 June 2001 13:51:51 UTC
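The Alice/Bob/Charlie scenario from the proposed 5.3.3 text, as an added Python model that is not code from this post or from Davis's paper. It assumes a toy setting: an HMAC under Alice's key stands in for her signature, a per-party secret stands in for each public/private key pair, and the names `accept_defective` (trusts the signature alone) and `accept_hardened` (requires the signed content to name the recipient, the paper's fix) are the example's own.

```python
import hashlib, hmac, json, os

# Toy model (added example, not from the post): HMAC stands in for Alice's
# signature, a per-party secret for each key pair. Only the message
# structure matters here, not the strength of the primitives.
KEYS = {"alice": b"alice-sign", "bob": b"bob-secret", "charlie": b"charlie-secret"}

def sign(signer, payload):
    body = json.dumps(payload, sort_keys=True)
    tag = hmac.new(KEYS[signer], body.encode(), hashlib.sha256).hexdigest()
    return {"signer": signer, "body": body, "sig": tag}

def verify(signed):
    tag = hmac.new(KEYS[signed["signer"]], signed["body"].encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(tag, signed["sig"])

def _xor(key, nonce, data):           # stream cipher keyed to one recipient
    stream = b"".join(hashlib.sha256(key + nonce + bytes([i])).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def encrypt_for(recipient, plaintext):
    nonce = os.urandom(16)
    return {"nonce": nonce, "ct": _xor(KEYS[recipient], nonce, plaintext)}

def decrypt_as(me, env):
    return _xor(KEYS[me], env["nonce"], env["ct"])

def sign_then_encrypt(signer, recipient, payload):
    return encrypt_for(recipient, json.dumps(sign(signer, payload)).encode())

def open_envelope(me, env):           # the signed message, if Alice's signature checks
    signed = json.loads(decrypt_as(me, env))
    return signed if verify(signed) else None

def forward(me, env, new_recipient):  # Bob re-wraps the untouched signed message
    return encrypt_for(new_recipient, decrypt_as(me, env))

def accept_defective(signed, me):     # trusts the signature alone
    return signed is not None

def accept_hardened(signed, me):      # Davis's fix: the signed content must name me
    return signed is not None and json.loads(signed["body"]).get("to") == me

def run():
    unnamed = forward("bob", sign_then_encrypt("alice", "bob", {"text": "I resign."}), "charlie")
    named_env = sign_then_encrypt("alice", "bob", {"to": "bob", "text": "I resign."})
    named = forward("bob", named_env, "charlie")
    c_unnamed, c_named = open_envelope("charlie", unnamed), open_envelope("charlie", named)
    return {
        "signature_still_verifies": c_unnamed is not None and c_named is not None,
        "defective_accepts_forward": accept_defective(c_unnamed, "charlie"),
        "hardened_rejects_unnamed": not accept_hardened(c_unnamed, "charlie"),
        "hardened_rejects_forward": not accept_hardened(c_named, "charlie"),
        "hardened_accepts_intended": accept_hardened(open_envelope("bob", named_env), "bob"),
    }
```

Every value returned by `run()` is `True`: the signature survives Bob's re-encryption, so a recipient check that relies on the signature alone accepts the forwarded message, while the hardened check rejects it and still accepts the message Alice actually addressed to Bob.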