Loading ...
Sorry, an error occurred while loading the content.

9650Re: [soapbuilders] Re: Super-Encryption AND Digital Signatures

Expand Messages
  • Rich Salz
    Dec 9, 2003
    • 0 Attachment
      > You see what I'm after, i.e., high security + scalable implementable features
      > + compact wire format.
      > Thoughts!?!

      Yeah, there's no such thing as a free lunch. :)

      Folks often complain about how "big" SSL is, or how complicated
      XML DSIG is, etc. Unfortunately, they are that way because they need
      to be in order to be resistant to various threats. And then you have
      to fight the deployment barriers: if SSL, PKCS#7 and/or XML DSIG are
      already everywhere, what's the incentive to try something that hasn't
      had the same level of analysis? Unless you're Ron Rivest (the R of RSA)
      designing a new micro-payment protocol (www.peppercoin.com), you're
      generally better off accepting the trade-offs of commodity security

      Now, RSA_PublicKey_Encrypt(SHA1(message) + key1) seems reasonable
      to me. But it's quite possible that there's some obscure corner of
      crypto that makes this a bad idea. I still think it's worth
      posting it to the cryptography mailing list.


      Rich Salz Chief Security Architect
      DataPower Technology http://www.datapower.com
      XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
      XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html
    • Show all 22 messages in this topic