Re: Simplifying S/MIME v3

signedandEnvelopedData has a flaw.  An attacker can stip the signature from
the message, then by changing the OID, the recipient will think that the
message we encrypted.

This attack is mitigated by using signedData and envelopedData independently.

Russ

<Prev in Thread]	Current Thread	[Next in Thread>
Simplifying S/MIME v3, John Pawling Re: Simplifying S/MIME v3, Peter Williams Re: Simplifying S/MIME v3, Russ Housley <= RE: Simplifying S/MIME v3, Blake Ramsdell Re: Simplifying S/MIME v3, John Pawling RE: Simplifying S/MIME v3, John Pawling RE: Simplifying S/MIME v3, mmyers Re: Simplifying S/MIME v3, John Pawling Re: Simplifying S/MIME v3, Graham Klyne Re: Simplifying S/MIME v3, John Pawling Re: Simplifying S/MIME v3, John Pawling

Previous by Date:	Re: Simplifying S/MIME v3, John Pawling
Next by Date:	Re: Simplifying S/MIME v3, Graham Klyne
Previous by Thread:	Re: Simplifying S/MIME v3, Peter Williams
Next by Thread:	RE: Simplifying S/MIME v3, Blake Ramsdell
Indexes:	[Date] [Thread] [Top] [All Lists]