9627Re: [soapbuilders] Re: Super-Encryption AND Digital Signatures
- Dec 4, 2003
> Hmmm...under my scenario the content can be duplicated, but not altered.Perhaps I don't understand. I was talking about re-using the cipher to
> Because the receiver does not have the private key of the sender, i.e., the
> receiver cannot re-encrypt the inner cipher value identically (to spoof the
> original sender) due to the fact that the original sender's private key is not
> known to the receiver.
create a modified message. The adversary (compromised recipient)
doesn't need to generate a new inner key, he just re-uses it generate a
new messsage. Now the original sender can't prove the receiver wrong.
Rich Salz, Chief Security Architect
DataPower Technology http://www.datapower.com
XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html
- << Previous post in topic Next post in topic >>