- From: Fritz Schneider <fritz@cs.ucsd.edu>
- Date: Wed, 30 Jan 2002 16:06:46 -0800 (PST)
- To: Christian Geuer-Pollmann <geuer-pollmann@nue.et-inf.uni-siegen.de>
- cc: Blair Dillaway <blaird@microsoft.com>, "Donald E. Eastlake 3rd" <dee3@torque.pothole.com>, <reagle@w3.org>, <xml-encryption@w3.org>
On Wed, 30 Jan 2002, Christian Geuer-Pollmann wrote: > That's right. If the application has the requirement for integrity, > XML Signature SHOULD be used. Encrypting the IV does not guarantee the > integrity, it's not signcryption. I never promised that. But - shall > we really use some sub-optimal solution? Transfer the IV unencrypted > even if the vulnerabilities are obvious? I'd say no! I'd say yes. Consider the following observation: * If the user IS concerned about integrity then a MAC or digital signature must be used because an encrypted IV is not sufficient. So the encryption of the IV will be extra work that gains the user nothing -- they're already getting a much better integrity guarantee from their MAC or signature. * If the user IS NOT concerned about integrity then the encryption of the IV is extra work that gains the user nothing (because they don't care about integrity). Any way I look at it it seems to me that encrypting the IV is superfluous. -- fritz
Received on Wednesday, 30 January 2002 19:07:00 UTC