Stephen,
Dr Stephen Henson
<shenson(_at_)drh-consultancy(_dot_)demon(_dot_)co(_dot_)uk> 02/03/99
05:25PM >>>
Apologies if I've missed the point here but...
[RRJ] Me too, as I have not been following the S/MIME - CMS discussion in any
depth, but only seized on the issue of key wrapping as a general problem.
Within Novell's NICI architecture we do lots of key wrapping for purposes that
have nothing to do with S/MIME. Once the discussion pointed out a potential
weakness in key wrapping generally (and this seems to be just one of a class
of problems that have been uncovered recently, including the SSL
million-questions
attack.
Is there some specific need to use the same KEK for mailing lists
multiple times or could the same solution be used as in S-S DH?
In other words make the use of a "salt" in the message compulsory and
use the mailing list key in place of the DH shared secret (ZZ). This
would then allow the same mailing list key to be used multiple times
because the KEK would be different with each salt.
[RRJ] Rules of thumb are inherently dangerous, but my own preference
when a problem shows up is to reach for a bigger hammer and try to smash the
problem completely, rather than trying to finesse it. So I'd much rather have a
generalized key wrapping scheme than one that is tied to S/MIME or even CMS
specifically.
Steve.
--
Dr Stephen N. Henson. UK based freelance Cryptographic Consultant.
For info see homepage at http://www.drh-consultancy.demon.co.uk/
Email: shenson(_at_)drh-consultancy(_dot_)demon(_dot_)co(_dot_)uk
NOTE NEW (13/12/98) PGP key: via homepage.