Loading ...
Sorry, an error occurred while loading the content.

9621Re: [soapbuilders] Re: Super-Encryption AND Digital Signatures

Expand Messages
  • mlong@bridgetonconsulting.com
    Dec 3 9:21 AM
      Quoting Rich Salz <rsalz@...>:

      > In talking it over with a colleague here, we did find one weakness in
      > your scheme. Once the recipient has unwrapped the outer part, and then
      > unwrapped the internal key, they can forge any message and make it
      > appear as if it came from the sender. I don't know if you're worried
      > about that or not. "But you promised me $10,000. not $1,000. See, I have
      > your original message."

      You are correct, but sender-2-recipient is secured AFAIK, e.g., using SSL to
      send credit card info to a processor doesn't guarantee the processor isn't
      publishing the information to a chat room, but you inherently trust that VISA
      isn't doing that. Only the sender and the intended recipient can see/decrypt
      the information. Right!?!
      >
      > One way to fix this might be to include a signed hash of the original
      > document.
      >
      > You should look at PKCS#7 (sorry I wasn't clear, when I said what's
      > wrong with a standard I meant any standard, not just XML DSIG).
      >
      > As for your intermediary approach.. you know about Kerberos, right?

      I have doubts about Kerberos in the short-term, because of the overhead of
      ticket exchange and the decentralization of KDCs. One can certainly utilize
      Kerberos intra-enterprise effectively as generally you are working with a
      single KDC, but once you start scaling with reckless abandon outside the
      enterprise engineering issues compond rather quickly.

      This is a good discussion.

      -Matt
    • Show all 22 messages in this topic