Russ Housley <housley(_at_)vigilsec(_dot_)com> writes:
Take a look at this article: http://cryptosource.de/posts/smime_mta_en.html
Is there interest in updating the S/MIME specification to use authenticated-
encryption?
It looks like a pretty contrived attack, you need to be able to truncate a
message, both at the start and end, on a 16-byte boundary to turn a signed
message into a plain, unsigned one, and still have the client accept the
result as a valid message. They found one client that does that, but that
sounds more like a buggy client than a major problem (none of the others did
it).
In any case the fix should be pretty minimal, if anything is required at all:
If the SMIMECaps in the cert you're encrypting for indicates authEnc, use
that. My code already does that and possibly other impementations do too.
Peter.
_______________________________________________
smime mailing list
smime(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/smime