ietf-smime
[Top] [All Lists]

Re: Information on PKCS #1 vulnerability and update

1998-07-17 12:28:42
At 03:10 PM 7/17/98 -0400, Linn, John wrote:
As a result, the attack
appears appreciably less feasible to perpetrate for store-and-forward S/MIME
environments than for directly-interactive protocols (e.g., SSL, for which
the vulnerability was first identified).  If S/MIME messaging constructs are
applied as an intermediate layer within an interactive request-response
communications environment, exploitation within such a context could become
more feasible.

This is well worth mentioning in the Security section of the MSG draft, I
believe.

Note that it is very likely that S/MIME v3 will continue to refer to RFC
2313. It is not expected that the new PKCS #7 v2 document will be an RFC
any time soon (although RSADSI has indicated a desire to submit it as an
RFC after it is finished). Thus, I think adding a note about this
now-well-known problem in the MSG draft would be a Very Good Thing.

--Paul Hoffman, Director
--Internet Mail Consortium

<Prev in Thread] Current Thread [Next in Thread>