[Top] [All Lists]

digested-data, surreptitious forwarding, D-H

2002-07-26 14:32:35

With more diligence I probably could've answered these from the archives.
But a few questions:

1) I'm surprised S/MIME doesn't use CMSs' digested-data with enveloped-data.
In the case of encrypted but not signed mails, doesn't this leave the
message vulnerable to things like cut-and-paste attacks (where an attacker
reorders ciphertext blocks, so upon decrypting the recipient sees reordered

2) At some point I thought there was an Internet-Draft for a signed
attribute to address Don Davis' surreptitious forwarding concern.  I don't
see it now.  Has that been dropped, or has some other fix been incorporated

3) I see that Diffie-Hellman key pairs can be encrypted to, using either
static-static or ephemeral-static modes.  It seems like a Diffie-Hellman key
pair should be able to sign as well, using something like a static-ephemeral
mode.  Is there a cryptographic reason why this can't/shouldn't be done, or
is it just incidental that it isn't supported?  

The reason it seems like this might be useful is that Diffie-Hellman
agreement values can be cached, so a signer could perform lots of signatures
efficiently with such a key pair, which could be useful for something like a
DOMSEC gateway, which may have high volume mail flows and large key pairs.