9620 Re: [soapbuilders] Re: Super-Encryption AND Digital Signatures

  • Rich Salz
    Dec 3, 2003
      In talking it over with a colleague here, we did find one weakness in
      your scheme. Once the recipient has unwrapped the outer part, and then
      unwrapped the internal key, they can forge any message and make it
      appear as if it came from the sender. I don't know if you're worried
      about that or not. "But you promised me $10,000, not $1,000. See, I have
      your original message."

      One way to fix this might be to include a signed hash of the original
      document.

      You should look at PKCS#7 (sorry I wasn't clear, when I said what's
      wrong with a standard I meant any standard, not just XML DSIG).

      As for your intermediary approach... you know about Kerberos, right?
      /r$
      --
      Rich Salz, Chief Security Architect
      DataPower Technology http://www.datapower.com
      XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
      XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html
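
An added example, not part of the original message or of the scheme under discussion: it assumes the scheme authenticates the document only with the unwrapped symmetric key, and contrasts that with a signed hash of the original document. A Lamport one-time signature built on SHA-256 stands in for the sender's private-key signature so the code runs on the standard library alone; the key and message values are constructed.

```python
import hashlib
import hmac
import secrets

def h(data):
    return hashlib.sha256(data).digest()

def mac(key, msg):
    # Symmetric tag: anyone holding `key` can compute it, sender or recipient.
    return hmac.new(key, msg, hashlib.sha256).digest()

def lamport_keygen():
    # One-time key pair: 256 pairs of secrets; the public key is their hashes.
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(h(a), h(b)) for a, b in sk]
    return sk, pk

def digest_bits(msg):
    d = h(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def lamport_sign(sk, msg):
    # Reveal one secret per bit of SHA-256(msg). Use each key pair once only.
    return [sk[i][bit] for i, bit in enumerate(digest_bits(msg))]

def lamport_verify(pk, msg, sig):
    bits = digest_bits(msg)
    return len(sig) == 256 and all(
        hmac.compare_digest(h(s), pk[i][bits[i]]) for i, s in enumerate(sig))

def demo():
    shared_key = secrets.token_bytes(32)       # constructed: the unwrapped internal key
    original = b"I promise to pay $1,000"      # constructed sample messages
    altered = b"I promise to pay $10,000"
    # Shared key only: the recipient's tag over the altered text verifies too,
    # so a third party cannot tell which of the two parties wrote it.
    recipient_tag = mac(shared_key, altered)
    mac_accepts_altered = hmac.compare_digest(mac(shared_key, altered), recipient_tag)
    # Fix from the message: the sender signs a hash of the original document
    # with a private key the recipient never sees.
    sk, pk = lamport_keygen()
    sig = lamport_sign(sk, original)
    return {
        "mac_accepts_altered": mac_accepts_altered,
        "sig_accepts_original": lamport_verify(pk, original, sig),
        "sig_accepts_altered": lamport_verify(pk, altered, sig),
    }
```

In a deployed system the signature would come from a standard format such as PKCS#7 rather than a one-time scheme.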