Re: [soapbuilders] Re: Super-Encryption AND Digital Signatures

  • Rich Salz
    Message 1 of 22 , Dec 9, 2003
      > You see what I'm after, i.e., high security + scalable implementable features
      > + compact wire format.
      >
      > Thoughts!?!

      Yeah, there's no such thing as a free lunch. :)

      Folks often complain about how "big" SSL is, or how complicated
      XML DSIG is, etc. Unfortunately, they are that way because they need
      to be in order to be resistant to various threats. And then you have
      to fight the deployment barriers: if SSL, PKCS#7 and/or XML DSIG are
      already everywhere, what's the incentive to try something that hasn't
      had the same level of analysis? Unless you're Ron Rivest (the R of RSA)
      designing a new micro-payment protocol (www.peppercoin.com), you're
      generally better off accepting the trade-offs of commodity security
      mechanisms.

      Now, RSA_PublicKey_Encrypt(SHA1(message) + key1) seems reasonable
      to me. But it's quite possible that there's some obscure corner of
      crypto that makes this a bad idea. I still think it's worth
      posting it to the cryptography mailing list.

      /r$

      --
      Rich Salz Chief Security Architect
      DataPower Technology http://www.datapower.com
      XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
      XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html