- From: Joseph Reagle <reagle@w3.org>
- Date: Thu, 17 Jan 2002 18:28:20 -0500
- To: Christian Geuer-Pollmann <geuer-pollmann@nue.et-inf.uni-siegen.de>, "Donald E. Eastlake 3rd" <dee3@torque.pothole.com>
- Cc: Dan Lanz <lanz@zolera.com>, xml-encryption@w3.org, blaird@microsoft.com
On Tuesday 08 January 2002 10:04, Christian Geuer-Pollmann wrote:
> about the use of the IV in block encryption in CBC mode:
> [Menezes/Oorschot/Vanstone] state in Remark 7.16 (integrity of IV in
> CBC):
>
> "While the IV in the CBC mode need not be secret, its
> integrity should be protected, since malicious
> modifications thereof allows an adversary to make
> predictable bit changes to the first plaintext
> block recovered."

Is this specified as a distinct mode from CBC? I'm most comfortable doing things that have been well specified and already used. So I prefer we say CBC IV doesn't give integrity (nor must the IV be secret) but there are other modes and approaches. If a CBC with ECB encrypted IVs is specified, reviewed, and used then I'd be interested in using that, but I'm not sure we should specify it... (See the new 6.3)

--
Joseph Reagle Jr.                 http://www.w3.org/People/Reagle/
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/Signature/
W3C XML Encryption Chair          http://www.w3.org/Encryption/2001/
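The Remark 7.16 property quoted in the thread, shown as an added example that is not part of this message or of the XML Encryption spec: in CBC the first plaintext block is D(C1) XOR IV, so an edit to an unprotected IV reappears bit-for-bit in that block, and a MAC whose scope includes the IV is what detects the edit. The block cipher is a constructed toy Feistel permutation over HMAC-SHA256 (not AES) so the code runs offline; the key, IV, plaintext and bit mask are constructed sample values.

```python
import hashlib, hmac

BLOCK = 16  # block size in bytes, as for AES

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))
def _round(key: bytes, half: bytes, i: int) -> bytes:
    # keyed round function of the toy Feistel cipher (constructed stand-in, not AES)
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:8]

def block_encrypt(key: bytes, block: bytes) -> bytes:
    # 4-round Feistel permutation on one 16-byte block; the CBC property below holds for any block cipher
    l, r = block[:8], block[8:]
    for i in range(4):
        l, r = r, _xor(l, _round(key, r, i))
    return l + r
def block_decrypt(key: bytes, block: bytes) -> bytes:
    l, r = block[:8], block[8:]
    for i in reversed(range(4)):
        l, r = _xor(r, _round(key, l, i)), l
    return l + r

def cbc_encrypt(key: bytes, iv: bytes, pt: bytes) -> bytes:
    out, prev = [], iv
    for i in range(0, len(pt), BLOCK):
        prev = block_encrypt(key, _xor(pt[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)
def cbc_decrypt(key: bytes, iv: bytes, ct: bytes) -> bytes:
    # P1 = D(C1) XOR IV, so each IV bit lands unchanged in the first plaintext block
    out, prev = [], iv
    for i in range(0, len(ct), BLOCK):
        out.append(_xor(block_decrypt(key, ct[i:i + BLOCK]), prev))
        prev = ct[i:i + BLOCK]
    return b"".join(out)

def seal(mac_key: bytes, iv: bytes, ct: bytes) -> bytes:
    # integrity tag over IV and ciphertext together: the IV must be inside the MAC scope
    return hmac.new(mac_key, iv + ct, hashlib.sha256).digest()
def verify(mac_key: bytes, iv: bytes, ct: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(seal(mac_key, iv, ct), tag)

# constructed sample values; MASK flips the '1' (0x31) in the amount to '9' (0x39)
KEY, MAC_KEY, IV = b"k" * 16, b"m" * 16, b"\x00" * 16
PT = b"AMOUNT=000100.00" + b"PAYEE=ALICE....."
MASK = bytes(0x08 if i == 10 else 0 for i in range(BLOCK))

if __name__ == "__main__":
    ct, bad_iv = cbc_encrypt(KEY, IV, PT), _xor(IV, MASK)
    print(cbc_decrypt(KEY, bad_iv, ct))  # b'AMOUNT=000900.00PAYEE=ALICE.....'
    print(verify(MAC_KEY, bad_iv, ct, seal(MAC_KEY, IV, ct)))  # False
```

The second block decrypts unchanged because it depends on C1, not on the IV, which is why the remark speaks only of the first plaintext block.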
Received on Thursday, 17 January 2002 18:28:27 UTC