W3C home > Mailing lists > Public > xml-encryption@w3.org > March 2001

Re: Signing encrypted data

From: Joseph Ashwood <jashwood@arcot.com>
Date: Mon, 26 Mar 2001 16:48:25 -0800
Message-ID: <013301c0b658$4f91daf0$2a0210ac@livermore>
To: "Xml Encrypt \(E-mail\)" <xml-encryption@w3.org>
----- Original Message -----
From: "Amir Herzberg" <AMIR@newgenpay.com>
> So, it seems we do agree, at least, on what we disagree on: whether the
> draft should intentionally exclude signing of plaintext (while sending
> an encrypted version of it for confidentiality). Right?
> You seem to think this is justified for a `very good security reasons`.
> Right?
> Question: what are these security reasons?

Well the security reason is that if the signature doesn't include enough
randomness then the signature can be guessed. Which leads to potential

The usability reason is that if the verifier can't decrypt the segment that
was encrypted after signing, the signature can't be verified, so the
verifier must be able to decrypt to verify. This means there is no reason to
have the signature outside without the data. So there is no gain to be made
by risking security.

From this I conclude there is no valid reason to allow the signature to be
outside the encryption, and there may be a reason to not allow it outside.
Received on Monday, 26 March 2001 19:53:57 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 23:13:02 UTC