ietf-smime

Re: [smime] [pkix] Initial inquiry: Signed vCards

2013-10-22 15:20:27
On Tue, Oct 22, 2013 at 3:57 PM, Jim Schaad <ietf(_at_)augustcellars(_dot_)com> wrote:
> I may be missing something, but I do not see how using a MAC function is
> going to provide any degree of security in this case.
>
> The basic presumption of using a MAC function is that the secret is known
> only to two people.  The generator and the consumer.  If it is known to
> multiple people, especially if it is advertised in a URL, then a new MAC
> value can be created by anybody that can get the secret value and a new
> vcard substituted.

From Sean Turner's suggestion, I assumed that 'output of a HMAC' was
effectively a synonym for 'the authentication hash generated by the
relevant key's algorithm'. If that's not the case, such as only
applying to email rather than encryption in general, then that change
may need to be changed.


Thank you for your time,
--
DataPacRat
"Then again, I could be wrong."
_______________________________________________
smime mailing list
smime(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/smime
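
The point raised in the quoted message, that a MAC only authenticates among the parties who hold the secret, shown as an added example that is not part of the original thread. The key, the vCard contents and all function names are constructed for illustration; HMAC-SHA256 is an assumed choice of MAC.

```python
import hashlib
import hmac

# Constructed sample data. PUBLISHED_KEY stands in for a MAC secret that is
# advertised publicly (for example in a URL); PRIVATE_KEY stands in for a
# secret known only to the generator and one consumer.
PUBLISHED_KEY = b"constructed-key-advertised-with-the-vcard"
PRIVATE_KEY = b"constructed-key-known-to-two-parties-only"

ORIGINAL_VCARD = (
    "BEGIN:VCARD\r\nVERSION:4.0\r\nFN:Alice Example\r\n"
    "EMAIL:alice@example.org\r\nEND:VCARD\r\n"
)
# A different card that some other key holder wants accepted in its place.
SUBSTITUTED_VCARD = ORIGINAL_VCARD.replace("alice@example.org", "other@example.net")


def mac_vcard(key: bytes, vcard: str) -> str:
    """Compute the HMAC-SHA256 tag over the exact vCard bytes."""
    return hmac.new(key, vcard.encode("utf-8"), hashlib.sha256).hexdigest()


def verify_vcard(key: bytes, vcard: str, tag: str) -> bool:
    """Consumer-side check; compare_digest avoids a timing side channel."""
    return hmac.compare_digest(mac_vcard(key, vcard), tag)


def demo() -> dict:
    generator_tag = mac_vcard(PUBLISHED_KEY, ORIGINAL_VCARD)
    # Anyone who read the published key can tag a card of their own.
    third_party_tag = mac_vcard(PUBLISHED_KEY, SUBSTITUTED_VCARD)
    # Without the two-party secret, the same attempt does not verify.
    guessed_tag = mac_vcard(PUBLISHED_KEY, SUBSTITUTED_VCARD)
    return {
        # The MAC still detects a changed card carrying the old tag ...
        "old_tag_on_new_card": verify_vcard(PUBLISHED_KEY, SUBSTITUTED_VCARD, generator_tag),
        # ... but a freshly computed tag is accepted, whoever computed it.
        "new_tag_on_new_card": verify_vcard(PUBLISHED_KEY, SUBSTITUTED_VCARD, third_party_tag),
        # Tags carry no trace of their author: every key holder gets the same bytes.
        "tags_identical_across_holders": mac_vcard(PUBLISHED_KEY, ORIGINAL_VCARD) == generator_tag,
        # With a key held by only two parties, an outsider's tag is rejected.
        "outsider_tag_under_private_key": verify_vcard(PRIVATE_KEY, SUBSTITUTED_VCARD, guessed_tag),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

A digital signature differs in that the verification key can be published without giving readers the ability to produce new valid values.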