Russ Housley <housley(_at_)vigilsec(_dot_)com> writes:
Take a look at this article: http://cryptosource.de/posts/smime_mta_en.html
Is there interest in updating the S/MIME specification to use authenticated-
It looks like a pretty contrived attack, you need to be able to truncate a
message, both at the start and end, on a 16-byte boundary to turn a signed
message into a plain, unsigned one, and still have the client accept the
result as a valid message. They found one client that does that, but that
sounds more like a buggy client than a major problem (none of the others did
In any case the fix should be pretty minimal, if anything is required at all:
If the SMIMECaps in the cert you're encrypting for indicates authEnc, use
that. My code already does that and possibly other impementations do too.
CMS already supports Enveloped-Data and Authenticated-Enveloped-Data. However,
the S/MIME specification does not say how to use Authenticated-Enveloped-Data.
I think that is the work to be done.
smime mailing list