Loading ...
Sorry, an error occurred while loading the content.

9616Re: [soapbuilders] Re: Super-Encryption AND Digital Signatures

Expand Messages
  • Rich Salz
    Dec 2, 2003
    • 0 Attachment
      Clever idea. Just because I haven't heard of it doesn't mean it's not
      known to real cryptographers, of course. :) One of the best lists for
      discussing this kind of thing in detail is the cryptography list moderated
      by Perry Metzger; email to majordomo@... for details.

      Anyhow, your technique provides confidentiality -- only the intended
      recipient can see the content. It also provides sender-authentiaction,
      since only the sender can encrypt the inner session key. But it doesn't
      provide a priori content integrity; that will depend on the content
      itself being error-detecting. This is probably okay for XML, since you're
      most likely to end up with something that won't parse. But that's
      only probablistic and if the data being sent is something like a GIF
      or MPEG, you'll probably never know.

      I'm curious why a standard dsig/enc combination isn't appropriate?
      Rich Salz Chief Security Architect
      DataPower Technology http://www.datapower.com
      XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
      XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html
    • Show all 22 messages in this topic