-----Original Message-----
From: owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org [mailto:owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org] On Behalf Of Housley, Russ
Sent: Monday, October 21, 2002 4:43 AM
To: bernd(_dot_)matthes(_at_)gemplus(_dot_)com
Cc: ietf-smime(_at_)imc(_dot_)org
Subject: RE: Ordering of encryption and signing of a S/MIME message
An attacker can strip the SignedData encapsulation, making the recipient
think that the originator sent an encrypted-only message. However, this
construct is safe if the recipient will disregard any unsigned messages.
Another argument in the early days was that "encrypt and then sign"
would allow an opponent to collect the signature information from the
message.
From a client perspective, it might be interesting to see how well they
behave when presented with a signature around encryption. The "What
Would Outlook Do" argument.
Blake
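
The "disregard any unsigned messages" rule from the quoted message, sketched as a recipient-side gate that reads the outermost CMS ContentInfo type from the DER bytes; this is an added example and not part of the thread or any client's code. The function names and the two sample byte strings are constructed for illustration, and signature verification itself is assumed to happen after the gate.

```python
OID_SIGNED_DATA = "1.2.840.113549.1.7.2"  # id-signedData (RFC 5652)

def _read_tlv(buf, pos):
    # Return (tag, value_start, value_end) of the DER element at pos.
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length >= 0x80:  # long-form length
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("bad length field")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("value runs past end of input")
    return tag, pos, pos + length

def _decode_oid(body):
    if not body or body[-1] & 0x80:
        raise ValueError("malformed OID")
    arcs, value = [], 0
    for b in body:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    x, y = divmod(arcs[0], 40) if arcs[0] < 80 else (2, arcs[0] - 80)
    return ".".join(map(str, [x, y] + arcs[1:]))

def outer_content_type(der):
    # ContentInfo ::= SEQUENCE { contentType OID, content [0] EXPLICIT ANY }
    tag, start, end = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("not a SEQUENCE")
    tag, o_start, o_end = _read_tlv(der[:end], start)
    if tag != 0x06:
        raise ValueError("contentType OID missing")
    return _decode_oid(der[o_start:o_end])

def passes_signed_only_policy(der):
    # A message whose outer layer is not SignedData is disregarded outright.
    return outer_content_type(der) == OID_SIGNED_DATA

def _tlv(tag, value):  # encoder for the constructed samples (short lengths only)
    return bytes([tag, len(value)]) + value

# Constructed placeholders, not real SignedData/EnvelopedData bodies.
_PREFIX = bytes.fromhex("2a864886f70d0107")
ENVELOPED_ONLY = _tlv(0x30, _tlv(0x06, _PREFIX + b"\x03") + _tlv(0xA0, _tlv(0x04, b"ciphertext")))
SIGNED_OUTER = _tlv(0x30, _tlv(0x06, _PREFIX + b"\x02") + _tlv(0xA0, _tlv(0x04, ENVELOPED_ONLY)))
```

`ENVELOPED_ONLY` stands in for what remains once the outer layer of `SIGNED_OUTER` has been stripped, and the gate rejects it before any decryption result is shown to the user.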