- From: Thane Plambeck <tplambeck@verisign.com>
- Date: Thu, 22 Mar 2001 09:24:49 -0800
- To: "'xml-encryption@w3.org'" <xml-encryption@w3.org>
Received on Thursday, 22 March 2001 12:24:54 UTC
Ed writes:

> The wonderful thing about XML Signature and XML Encryption is that it is very flexible in ways that simply were not possible with CMS and PKCS7.

Although I agree with this in spirit, it's also our biggest problem in my opinion. To the extent that we enable app developers to reuse keys, combine signature/encryption, etc., we run risks of creating footholds for cryptanalysis that aren't present in PKCS7/CMS. Publishing a spec that puts the burden of cryptanalytic soundness on the app developer is a useless, probably even dangerous activity.

Suppose I believe that CMS and PKCS7 have a sound treatment of signing and encryption from a cryptanalytic point of view. It would be great if I knew that any cryptanalytic attack on my XML Encryption/XML Signature application would lift to a PKCS 7 attack, i.e., that my XML app is at least as secure as PKCS7.

Maybe there could be a PKCS7 "profile" or something? Whether this is possible or even a reasonable way to think of this I don't know.

Thane Plambeck
VeriSign