W3C home > Mailing lists > Public > xml-encryption@w3.org > March 2001

Re: Signing encrypted data

From: Yongge Wang <ywang@certicom.com>
Date: Mon, 26 Mar 2001 20:39:59 -0500 (EST)
To: Joseph Ashwood <jashwood@arcot.com>
cc: "Xml Encrypt (E-mail)" <xml-encryption@w3.org>
Message-ID: <Pine.BSF.3.96.1010326203646.17149A-100000@eng1.certicom.com>

> > an encrypted version of it for confidentiality). Right?
> >
> > You seem to think this is justified for a `very good security reasons`.
> > Right?
> >
> > Question: what are these security reasons?
> Well the security reason is that if the signature doesn't include enough
> randomness then the signature can be guessed. Which leads to potential
> compromises.

First I think this is a XML-DSIG problem. Secondly,
DSA and ECDSA all require to have a random seed "r"
for each signature. And the security issues are discussed
in the DSA or ECDSA standard. It is not a problem for
XML-Encryption. Also generally the signatures are on
plaintext. So this is really no reason to exclude
the case that one can sign on a plaintext. Most
contract are signed on plaintext (of course, need to
hash it first).


Yongge Wang -- Crypto Mathematician
Received on Monday, 26 March 2001 20:40:02 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 23:13:02 UTC