RE: weak authentication issue with rfc5083

ietf-smime

RE: weak authentication issue with rfc5083

2008-05-12 07:48:08


Daniel Brown <dbrown(_at_)certicom(_dot_)com> writes:

This is a serious problem, imo.  If Bob receives an AuthenticatedData from
Alice but it is not really from Alice, then there really is no
authentication, despite the promise that AuthenticatedData provides
authentication.  What security service is AuthenticatedData providing in this
case?


Maybe it would have been better to call it IntegrityProtectedData :-).  That's
actually the only thing I've ever used it for, my assumption was that you sign
email and you MAC stored data.

Peter.

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
RE: weak authentication issue with rfc5083, (continued) RE: weak authentication issue with rfc5083, Trevor Freeman RE: weak authentication issue with rfc5083, Jim Schaad RE: weak authentication issue with rfc5083, Trevor Freeman RE: weak authentication issue with rfc5083, Jim Schaad RE: weak authentication issue with rfc5083, Trevor Freeman RE: weak authentication issue with rfc5083, Daniel Brown Re: weak authentication issue with rfc5083, Peter Gutmann RE: weak authentication issue with rfc5083, Jim Schaad RE: weak authentication issue with rfc5083, Peter Gutmann RE: weak authentication issue with rfc5083, Daniel Brown RE: weak authentication issue with rfc5083, Peter Gutmann <= RE: weak authentication issue with rfc5083, Trevor Freeman RE: weak authentication issue with rfc5083, Trevor Freeman

Previous by Date:	RE: S/MIME v3.2 IDs key size text, Carl Wallace
Next by Date:	Re: S/MIME v3.2 IDs key size text, Paul Hoffman
Previous by Thread:	RE: weak authentication issue with rfc5083, Daniel Brown
Next by Thread:	RE: weak authentication issue with rfc5083, Trevor Freeman
Indexes:	[Date] [Thread] [Top] [All Lists]