ietf-smime

Re: [smime] [pkix] Initial inquiry: Signed vCards

2013-10-22 17:48:52
Y = MAC(message, KeySymmetric)

Sig = Sign(message, KeyPrivate)

Both generate an output that can be verified.  In the case of a signature
algorithm, the recipient uses a public key to verify the signature.  In the
case of a MAC algorithm, the recipient uses the same symmetric key for
verification as was used for creation.

Jim


-----Original Message-----
From: smime-bounces(_at_)ietf(_dot_)org [mailto:smime-bounces(_at_)ietf(_dot_)org] On Behalf Of DataPacRat
Sent: Tuesday, October 22, 2013 1:20 PM
To: Jim Schaad
Cc: smime(_at_)ietf(_dot_)org
Subject: Re: [smime] [pkix] Initial inquiry: Signed vCards

On Tue, Oct 22, 2013 at 3:57 PM, Jim Schaad <ietf(_at_)augustcellars(_dot_)com> wrote:
I may be missing something, but I do not see how using a MAC function
is going to provide any degree of security in this case.

The basic presumption of using a MAC function is that the secret is
known only to two people.  The generator and the consumer.  If it is
known to multiple people, especially if it is advertised in a URL,
then a new MAC value can be created by anybody that can get the secret
value and a new vcard substituted.

From Sean Turner's suggestion, I assumed that 'output of a HMAC' was
effectively a synonym for 'the authentication hash generated by the
relevant key's algorithm'. If that's not the case, such as only applying
to email rather than encryption in general, then that change may need to
be changed.


Thank you for your time,
--
DataPacRat
"Then again, I could be wrong."
_______________________________________________
smime mailing list
smime(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/smime

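
The MAC versus signature distinction discussed in this thread, as an added example that is not part of the original messages. HMAC-SHA-256 and Ed25519 are stand-ins chosen for illustration, and the vCards, the key string and all function names are constructed assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Constructed sample cards, not taken from the thread.
var (
	genuine = []byte("BEGIN:VCARD\nVERSION:4.0\nFN:Alice Example\nEMAIL:alice@example.org\nEND:VCARD\n")
	swapped = []byte("BEGIN:VCARD\nVERSION:4.0\nFN:Alice Example\nEMAIL:other@example.net\nEND:VCARD\n")
)

// macTag computes Y = MAC(message, KeySymmetric), here with HMAC-SHA-256.
func macTag(msg, key []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(msg)
	return m.Sum(nil)
}

// macVerify recomputes the tag with the same key and compares in constant time.
func macVerify(msg, key, tag []byte) bool { return hmac.Equal(macTag(msg, key), tag) }

// SharedKeyAcceptsSubstitute: anyone who can read the advertised MAC key can
// tag a replacement card, and the verifier has no way to tell it apart.
func SharedKeyAcceptsSubstitute(advertisedKey []byte) bool {
	tag := macTag(swapped, advertisedKey)
	return macVerify(swapped, advertisedKey, tag)
}

// PublicKeyAcceptsSubstitute: Sig = Sign(message, KeyPrivate). The verifier
// holds only the public key, so the genuine signature does not carry over.
func PublicKeyAcceptsSubstitute() (genuineOK, swappedOK bool, err error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return false, false, err
	}
	sig := ed25519.Sign(priv, genuine)
	return ed25519.Verify(pub, genuine, sig), ed25519.Verify(pub, swapped, sig), nil
}

func main() {
	fmt.Println("MAC, key advertised: substitute accepted =", SharedKeyAcceptsSubstitute([]byte("constructed-key-from-url")))
	g, s, err := PublicKeyAcceptsSubstitute()
	fmt.Println("signature: genuine =", g, "substitute =", s, "err =", err)
}
```
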