AES and PKCS #1 v1.5 Issue

2002-07-16

"Jim Schaad" <jimsch(_at_)nwlink(_dot_)com> writes:

There is one large difference between TLS and CMS.  The TLS protocol has
already been modified to deal with the attacks on PKCS#1 v1.5, CMS has
not been modified to deal with these attacks.  Therefore I do not
necessarily think that the TLS conclusion on this is sufficient.

There's an RFC on this for S/MIME as well.

(The obvious comment is that TLS was modified because it needed to be.
You'd really have to bend over backwards to create an S/MIME
implementation which was vulnerable to the Bleichenbacher attack, and
even if you had one I can't imagine any MTA which would just sit there
and calmly accept 1M email messages from the same source in today's
spam-aware world).
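The TLS modification the thread refers to is, in essence, a change of error handling: a PKCS #1 v1.5 decryption failure is no longer reported to the peer. The following is an added example, not code from this thread or from any TLS or CMS implementation; it contrasts a naive decoder that exposes an error oracle with the TLS-style control flow, using a constructed 128-byte block and an assumed 48-byte secret.

```python
# Added example: the control-flow part of the TLS countermeasure for PKCS#1 v1.5
# decryption errors, next to a naive decoder that leaks them. Both operate on the
# already RSA-decrypted block EB = 00 || 02 || PS || 00 || M (no RSA involved).
import secrets

def pad_type2(msg: bytes, k: int) -> bytes:
    """Constructed helper: PKCS#1 v1.5 type-2 encoding of msg into a k-byte block."""
    ps_len = k - 3 - len(msg)
    assert ps_len >= 8, "message too long for block"
    ps = bytes(secrets.randbelow(255) + 1 for _ in range(ps_len))  # PS is non-zero bytes
    return b"\x00\x02" + ps + b"\x00" + msg

def unpad_naive(eb: bytes) -> bytes:
    """Strict unpadding: raises on any malformed block. A caller that reports this
    failure differently from a good block hands the peer a padding oracle, which is
    the prerequisite of the Bleichenbacher attack discussed above."""
    if len(eb) < 11 or eb[:2] != b"\x00\x02":
        raise ValueError("bad padding")
    sep = eb.find(b"\x00", 2)
    if sep < 10:                      # PS must be at least 8 non-zero bytes
        raise ValueError("bad padding")
    return eb[sep + 1:]

def unpad_tls_style(eb: bytes, secret_len: int) -> bytes:
    """Unpadding as TLS does it after the Bleichenbacher fix (RFC 2246 section 7.4.7.1
    and its successors): never raise; on any defect return a fresh random secret of the
    expected length, so the handshake later fails exactly like an unrelated bad MAC.
    The branches show the policy only; a real decoder must also run in constant time."""
    fallback = secrets.token_bytes(secret_len)     # drawn unconditionally, before any check
    bad = len(eb) < secret_len + 11 or eb[:2] != b"\x00\x02"
    sep = eb.find(b"\x00", 2) if not bad else -1
    bad = bad or sep < 10 or len(eb) - sep - 1 != secret_len
    return fallback if bad else eb[sep + 1:]

def observable_outcome(decoder, eb: bytes) -> str:
    """What a network peer can distinguish: 'decrypt_error' is the oracle signal."""
    try:
        decoder(eb)
        return "accepted"
    except ValueError:
        return "decrypt_error"
```

With the hardened decoder every block, valid or not, yields "accepted" and a 48-byte secret; only the later key-confirmation step fails, and it fails the same way for every malformed block.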
