ietf-smime
[Top] [All Lists]

Re: CMS and PKCS7 signedAndEnvelopedData

2005-08-29 10:16:32

Alicia:

The SignedAndEnvelopedData was dropped because of a security concern. An attacker can remove the signature, essentially making an EnvelopedData, and the recipient has no way to tell that the originator intended to sign and encrypt the protected content.

Russ

At 08:13 AM 8/27/2005, Alicia da Conceicao wrote:

Greetings:

Does CMS (Cryptographic Message Syntax) support signedAndEnvelopedData
as specified in PKCS7 v 1.5?  I cannot find any references to
signedAndEnvelopedData in RFC-2630.

Has signedAndEnvelopedData been deprecated in favour of placing signedData
within encrypted envelopedData, in order to protect the identity of the
signer?

Thank you in advance.
Alicia.

<Prev in Thread] Current Thread [Next in Thread>
  • Re: CMS and PKCS7 signedAndEnvelopedData, Russ Housley <=