On Wed, Jul 20, 2005 at 02:51:48PM -0700, Jon Callas wrote:
Here's the final edit I have:
Many implementers have taken this advice to heart for any data that is
symmetrically encrypted and for which the session key is public-key
encrypted. In this case, the quick check is not needed as the public
key encryption of the session key should guarantee that it is the right
Shouldn't this be about decryption with secret key?
session key. In other cases, the implementation should use the quick
check with care.
--
marko