[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [dss] CMS (request for comments)
At 01:55 PM 4/26/2004 +0200, Andreas Kuehne wrote: >Trevor ! > > >>>>>Why should I do client-side hashing in this case? The server will get >>>>>the complete content anyway? >>>> >>>> >>>>Right - the benefits of client-side hashing (bandwidth-savings, >>>>privacy) can't be achieved. >>>> >>>>Actually, that's not quite true - the client could re-code the >>>>enveloping signature as a detached signature. In other words, the >>>>client could remove the enveloped data. This requires changing the >>>>length fields within the SignedData, so it's a little more surgery than >>>>just extracting SignerInfo's and certificates, but it's possible. >>> >>> >>>In 1980 I built my first modem with 300 baud. This gadget would have >>>caused the need for this otptimization. >> >> >>Well, I dunno - input documents could be large (for code-signing, say, or >>an S/MIME attachment). > >Well, thought about signed jars as detached signatures .. the classes >aren't included in the signature, are they ? Yeah, I think you're right. So I agree: there's not much use to the client recoding enveloping signatures as detached, to use client-side hashing. But it's at least possible. And we wouldn't have to do anything special in the protocol to support it. Trevor
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]