"Jim Schaad" <jimsch(_at_)nwlink(_dot_)com> writes:
I think that this is an interesting accademic problem, until I see a real
world need for a solution I think it should be ignored.
Unaccustomed as I am to agreeing with Jim :-), I concur with this opinion.
Anything of any importance (eg electronic payment instruction, contract, etc)
which relies on signatures will include more than enough information in the
signed body to resolve any difficulties, and even if there were some pressing
demand for this (there isn't), it's not at all clear what a correct solution
Speaking of academic exercises, I'm surprised noone's mentioned Serge
Vaudenay's PKCS #5 padding attack yet...