ietf-smime
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: CMS and PKCS7 signedAndEnvelopedData

2005-08-29 10:16:32
from [Russ Housley] [Permanent Link] 

Alicia:
The SignedAndEnvelopedData was dropped because of a security concern. An attacker can remove the signature, essentially making an EnvelopedData, and the recipient has no way to tell that the originator intended to sign and encrypt the protected content. 

Russ

At 08:13 AM 8/27/2005, Alicia da Conceicao wrote:


Greetings:

Does CMS (Cryptographic Message Syntax) support signedAndEnvelopedData
as specified in PKCS7 v 1.5?  I cannot find any references to
signedAndEnvelopedData in RFC-2630.

Has signedAndEnvelopedData been deprecated in favour of placing signedData
within encrypted envelopedData, in order to protect the identity of the
signer?

Thank you in advance.
Alicia.
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • Re: CMS and PKCS7 signedAndEnvelopedData, Russ Housley <=
Previous by Date:  CAdES: <draft-pinkas-smime-cades-01.txt>, Denis Pinkas
Next by Date:  replacement for signedAndEnvelopedData for CMS with external encrypted data, Alicia da Conceicao
Previous by Thread:  CAdES: <draft-pinkas-smime-cades-01.txt>, Denis Pinkas
Next by Thread:  replacement for signedAndEnvelopedData for CMS with external encrypted data, Alicia da Conceicao
Indexes:  [Date] [Thread] [Top] [All Lists]