"Jim Schaad" <jimsch(_at_)nwlink(_dot_)com> writes:
> There is one large difference between TLS and CMS. The TLS protocol has
> already been modified to deal with the attacks on PKCS#1 v1.5, CMS has
> not been modified to deal with these attacks. Therefore I do not
> necessarily think that the TLS conclusion on this is sufficient.
There's an RFC on this for S/MIME as well.
(The obvious comment is that TLS was modified because it needed to be.
You'd really have to bend over backwards to create an S/MIME
implementation which was vulnerable to the Bleichenbacher attack, and
even if you had one I can't imagine any MTA which would just sit there
and calmly accept 1M email messages from the same source in today's