- From: Mike Just <Mike.Just@entrust.com>
- Date: Fri, 1 Feb 2002 14:59:54 -0500
- To: reagle@w3.org
- Cc: xml-encryption@w3.org
- Message-ID: <9A4F653B0A375841AC75A8D17712B9C902B95E0C@sottmxs04.entrust.com>
Sorry, yes, the current text that you cite below is fine.

Cheers, Mike

-----Original Message-----
From: Joseph Reagle [mailto:reagle@w3.org]
Sent: Friday, February 01, 2002 11:38 AM
To: Mike Just; 'Fritz Schneider'; Christian Geuer-Pollmann
Cc: Blair Dillaway; Donald E. Eastlake 3rd; xml-encryption@w3.org
Subject: Re: Encrypting the IV - again. Was: Re: nonce length

Mike, the Editors' copy does say the following, let me know if your proposed text is intended to replace it (you want more detail) or if you were unaware of the latest text and find it satisfactory:

http://www.w3.org/Encryption/2001/Drafts/xmlenc-core/Overview.html#sec-Nonce

...

For the Cipher Block Chaining (CBC) mode used by this specification the IV must be non-repeating under a key and should be random, but it need not be secret. Additionally, under this mode an adversary modifying the IV can make a known change in the plain text after decryption. This attack can be avoided by securing the integrity of the plain text data, for example by signing it.

On Thursday 31 January 2002 08:44, Mike Just wrote:
> I suggest that no requirements be changed, but that something like the
> following be added to the Security Considerations section:
> "Modification of the IV by an attacker allows predictable bit changes to
> be made to the first plaintext block upon decryption. Similarly,
> modification to ciphertext block Ci causes plaintext blocks Mi and Mi+1
> to be altered upon decryption. As always, if integrity of the plaintext
> is desired, then one should use an appropriate algorithm from XML DigSig
> computed over the plaintext."

-- 
Joseph Reagle Jr.                 http://www.w3.org/People/Reagle/
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/Signature/
W3C XML Encryption Chair          http://www.w3.org/Encryption/2001/
Received on Friday, 1 February 2002 14:58:46 UTC
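The CBC property discussed in this thread (an IV change flips the same bits in the first plaintext block; a change to ciphertext block Ci alters Mi and Mi+1) and the recommended remedy, as an added example that is not part of the original message or of the XML Encryption specification. A toy invertible block function (assumed, not secure) stands in for AES so the code runs offline, an HMAC over the plaintext stands in for the XML Signature the thread recommends, and all function names are my own.

```python
import hmac, hashlib
BLOCK = 16  # block size in bytes

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

# Toy invertible 16-byte block function standing in for AES so the example runs offline.
# It is NOT secure; only the CBC chaining around it matters for the point made here.
def _toy_enc(key: bytes, block: bytes) -> bytes:
    mixed = bytes((b + k) & 0xFF for b, k in zip(block, key))
    return mixed[key[0] % BLOCK:] + mixed[:key[0] % BLOCK]   # rotate left by key[0] % 16

def _toy_dec(key: bytes, block: bytes) -> bytes:
    r = key[0] % BLOCK
    mixed = block[-r:] + block[:-r]                            # rotate right (r == 0 is a no-op)
    return bytes((b - k) & 0xFF for b, k in zip(mixed, key))

def cbc_encrypt(key: bytes, iv: bytes, pt: bytes) -> bytes:
    prev, out = iv, b""
    for i in range(0, len(pt), BLOCK):
        prev = _toy_enc(key, _xor(pt[i:i + BLOCK], prev))     # C_i = E(M_i XOR C_{i-1}), C_0 = IV
        out += prev
    return out

def cbc_decrypt(key: bytes, iv: bytes, ct: bytes) -> bytes:
    prev, out = iv, b""
    for i in range(0, len(ct), BLOCK):
        out += _xor(_toy_dec(key, ct[i:i + BLOCK]), prev)     # M_i = D(C_i) XOR C_{i-1}
        prev = ct[i:i + BLOCK]
    return out

def iv_tamper_effect(key, iv, ct, mask):
    """Decrypt with IV XOR mask: returns (XOR delta of the first block, True if later blocks are unchanged)."""
    good, bad = cbc_decrypt(key, iv, ct), cbc_decrypt(key, _xor(iv, mask), ct)
    return _xor(good[:BLOCK], bad[:BLOCK]), good[BLOCK:] == bad[BLOCK:]

def block_tamper_effect(key, iv, ct, i, mask):
    """XOR mask into ciphertext block C_i (0-based): returns indexes of the plaintext blocks that changed."""
    lo, hi = i * BLOCK, (i + 1) * BLOCK
    good = cbc_decrypt(key, iv, ct)
    bad = cbc_decrypt(key, iv, ct[:lo] + _xor(ct[lo:hi], mask) + ct[hi:])
    blocks = lambda s: [s[j:j + BLOCK] for j in range(0, len(s), BLOCK)]
    return [j for j, (g, b) in enumerate(zip(blocks(good), blocks(bad))) if g != b]

# Integrity over the plaintext, as the thread recommends; an HMAC stands in for an XML Signature.
def tag_plaintext(mac_key: bytes, pt: bytes) -> bytes:
    return hmac.new(mac_key, pt, hashlib.sha256).digest()

def decrypt_and_verify(key, mac_key, iv, ct, tag):
    pt = cbc_decrypt(key, iv, ct)
    return pt if hmac.compare_digest(tag_plaintext(mac_key, pt), tag) else None   # None = tampered
```

Inputs are a 16-byte key and IV and a plaintext that is a whole number of blocks (no padding is applied). Checking a MAC or signature over the ciphertext before decrypting (encrypt-then-MAC) is the stronger construction, since tampered data is then rejected without ever being decrypted.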