W3C home > Mailing lists > Public > xml-encryption@w3.org > February 2002

RE: Encrypting the IV - again. Was: Re: nonce length

From: Hallam-Baker, Phillip <pbaker@verisign.com>
Date: Mon, 4 Feb 2002 07:44:07 -0800
Message-ID: <2F3EC696EAEED311BB2D009027C3F4F409DF650B@vhqpostal.verisign.com>
To: Blair Dillaway <blaird@microsoft.com>, Christian Geuer-Pollmann <geuer-pollmann@nue.et-inf.uni-siegen.de>, "Donald E. Eastlake 3rd" <dee3@torque.pothole.com>, reagle@w3.org
Cc: xml-encryption@w3.org
To put Blair's point more concisely, Encryption protects confidentiality,
any attempt to use encryption alone to protect integrity is doomed to
failure. The same attacks can be performed through manipulation of the
cipher stream.


Phillip Hallam-Baker FBCS C.Eng.
Principal Scientist
VeriSign Inc.
781 245 6996 x227

Received on Monday, 4 February 2002 10:43:46 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 23:13:07 UTC