9620 Re: [soapbuilders] Re: Super-Encryption AND Digital Signatures
Dec 3, 2003

In talking it over with a colleague here, we did find one weakness in
your scheme. Once the recipient has unwrapped the outer part, and then
unwrapped the internal key, they can forge any message and make it
appear as if it came from the sender. I don't know if you're worried
about that or not. "But you promised me $10,000, not $1,000. See, I have
your original message."

One way to fix this might be to include a signed hash of the original

You should look at PKCS#7 (sorry I wasn't clear, when I said what's
wrong with a standard I meant any standard, not just XML DSIG).

As for your intermediary approach... you know about Kerberos, right?

Rich Salz, Chief Security Architect
DataPower Technology http://www.datapower.com
XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html
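
The forgery concern and the signed-hash fix raised in the message above, as an added example that is not part of the original post. It assumes the unwrapped internal key is a shared symmetric key that authenticates the message (HMAC-SHA256 here) and uses Ed25519 for the signed hash; the key, function names and message texts are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// macTag authenticates msg under the shared inner key (assumed: HMAC-SHA256).
func macTag(key, msg []byte) []byte {
	h := hmac.New(sha256.New, key)
	h.Write(msg)
	return h.Sum(nil)
}

// signHash signs SHA-256(msg) with the sender's private key.
func signHash(priv ed25519.PrivateKey, msg []byte) []byte {
	d := sha256.Sum256(msg)
	return ed25519.Sign(priv, d[:])
}

// verifyHash checks the signed hash using only the sender's public key.
func verifyHash(pub ed25519.PublicKey, msg, sig []byte) bool {
	d := sha256.Sum256(msg)
	return ed25519.Verify(pub, d[:], sig)
}

// Dispute replays the $1,000 / $10,000 argument in front of a third party.
func Dispute() (alteredMAC, alteredSig, originalSig bool) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	innerKey := []byte("constructed-32-byte-inner-key!!!") // stand-in for the unwrapped key
	original := []byte("I will pay you $1,000")            // constructed sample message
	altered := []byte("I will pay you $10,000")            // the recipient's version
	sig := signHash(priv, original)                        // sender's signed hash of the original
	forged := macTag(innerKey, altered)                    // any holder of innerKey can compute this
	alteredMAC = hmac.Equal(forged, macTag(innerKey, altered))
	alteredSig = verifyHash(pub, altered, sig)
	originalSig = verifyHash(pub, original, sig)
	return
}

func main() {
	fmt.Println(Dispute())
}
```

The shared-key tag verifies for the altered text because both parties can compute it, while the signed hash verifies only for the text the sender actually signed.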