[Top] [All Lists]

Replay of CMS SignedData

1998-08-10 18:37:44
Unless an application making use of SignedData includes a specifically
formatted field that includes replay prevention, any application protocol
using SignedData will be open to replay.

The CMS specification can reamin silent on this issue, or we can recommend
a simple patch.  Why not recommend that the signing time attribute always
be used?

When no authenticated atributes are included, this solution will not help.
In this case, the best we can do is a paragraph in the security
considerations section.



<Prev in Thread] Current Thread [Next in Thread>