RE: Ordering of encryption and signing of a S/MIME message

ietf-smime

RE: Ordering of encryption and signing of a S/MIME message

2002-10-21 02:45:04

For security reasons, you should first sign your message and then encrypt

it with the recipient's public key. If you

perform the the reverse operation (encrypt then sign), then a threat

agent may

intercept you message, skip your signature and sign "your encrypted"

message. So the recipient will hence receive a

signed message from the threat agent and no more from you.


And how can the threat agent do this using the expected private key? And if 
it can't, wouldn't the receving agent have a serious security hole if it 
accepted such a message?

Curiously yours.

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
RE: Ordering of encryption and signing of a S/MIME message, malek . bechlaghem RE: Ordering of encryption and signing of a S/MIME message, Antoine Alberti <= RE: Ordering of encryption and signing of a S/MIME message, Housley, Russ RE: Ordering of encryption and signing of a S/MIME message, Blake Ramsdell RE: Ordering of encryption and signing of a S/MIME message, malek . bechlaghem

Previous by Date:	RE: Ordering of encryption and signing of a S/MIME message, malek . bechlaghem
Next by Date:	RE: Ordering of encryption and signing of a S/MIME message, Housley, Russ
Previous by Thread:	RE: Ordering of encryption and signing of a S/MIME message, malek . bechlaghem
Next by Thread:	RE: Ordering of encryption and signing of a S/MIME message, Housley, Russ
Indexes:	[Date] [Thread] [Top] [All Lists]