[Top] [All Lists]

RE: digested-data, surreptitious forwarding, D-H

2002-07-26 19:28:44

scratch question 3, this week has fried my brains more than I thought..

-----Original Message-----
From: Trevor Perrin [mailto:Tperrin(_at_)sigaba(_dot_)com]
Sent: Friday, July 26, 2002 2:32 PM
To: 'ietf-smime(_at_)imc(_dot_)org'
Subject: digested-data, surreptitious forwarding, D-H

With more diligence I probably could've answered these from 
the archives.
But a few questions:

1) I'm surprised S/MIME doesn't use CMSs' digested-data with 
In the case of encrypted but not signed mails, doesn't this leave the
message vulnerable to things like cut-and-paste attacks 
(where an attacker
reorders ciphertext blocks, so upon decrypting the recipient 
sees reordered

2) At some point I thought there was an Internet-Draft for a signed
attribute to address Don Davis' surreptitious forwarding 
concern.  I don't
see it now.  Has that been dropped, or has some other fix 
been incorporated

3) I see that Diffie-Hellman key pairs can be encrypted to, 
using either
static-static or ephemeral-static modes.  It seems like a 
Diffie-Hellman key
pair should be able to sign as well, using something like a 
mode.  Is there a cryptographic reason why this 
can't/shouldn't be done, or
is it just incidental that it isn't supported?  

The reason it seems like this might be useful is that Diffie-Hellman
agreement values can be cached, so a signer could perform 
lots of signatures
efficiently with such a key pair, which could be useful for 
something like a
DOMSEC gateway, which may have high volume mail flows and 
large key pairs.