RE: digested-data, surreptitious forwarding, D-H

scratch question 3, this week has fried my brains more than I thought..

> -----Original Message-----
> From: Trevor Perrin [mailto:Tperrin(_at_)sigaba(_dot_)com]
> Sent: Friday, July 26, 2002 2:32 PM
> To: 'ietf-smime(_at_)imc(_dot_)org'
> Subject: digested-data, surreptitious forwarding, D-H
>
>
>
>
> With more diligence I probably could've answered these from 
> the archives.
> But a few questions:
>
> 1) I'm surprised S/MIME doesn't use CMSs' digested-data with 
> enveloped-data.
> In the case of encrypted but not signed mails, doesn't this leave the
> message vulnerable to things like cut-and-paste attacks 
> (where an attacker
> reorders ciphertext blocks, so upon decrypting the recipient 
> sees reordered
> plaintext)?
>
> 2) At some point I thought there was an Internet-Draft for a signed
> attribute to address Don Davis' surreptitious forwarding 
> concern.  I don't
> see it now.  Has that been dropped, or has some other fix 
> been incorporated
> somewhere?
>
> 3) I see that Diffie-Hellman key pairs can be encrypted to, 
> using either
> static-static or ephemeral-static modes.  It seems like a 
> Diffie-Hellman key
> pair should be able to sign as well, using something like a 
> static-ephemeral
> mode.  Is there a cryptographic reason why this 
> can't/shouldn't be done, or
> is it just incidental that it isn't supported?  
>
> The reason it seems like this might be useful is that Diffie-Hellman
> agreement values can be cached, so a signer could perform 
> lots of signatures
> efficiently with such a key pair, which could be useful for 
> something like a
> DOMSEC gateway, which may have high volume mail flows and 
> large key pairs.
>
> Trevor