Subject: RE: [ebxml-msg] Sign and Encrypt


My responses imbedded.


-----Original Message-----
From: Dan Weinreb [mailto:dlw@exceloncorp.com]
Sent: Monday, November 05, 2001 12:23 PM
To: Robert.Miller@gxs.ge.com
Cc: ebxml-msg@lists.oasis-open.org
Subject: Re: [ebxml-msg] Sign and Encrypt

   Date: Mon, 05 Nov 2001 12:43:23 -0500
   From: "Miller, Robert (GXS)" <Robert.Miller@gxs.ge.com>

I agree with David Fischer: almost always, you want to sign and
then encrypt rather than the other way.

MILR: Agreed. "almost always"

   Well now, the 'King' sealed his envelopes with a wax stamp using the ring he
   wore on his hand.

   Having provided some precedence for 'encrypt then sign',

I don't think this is an example of "encrypt then sign".  It's more
like doing both at once: the sealing wax ensures confidentiality,
integrity, and authenticity, all at once.

MILR: Confidentiality - NOT. The message may be intercepted and opened
      Integrity - NOT. While the king sleeps, his aide gains entry into his
                  bedroom and applies his stamp to the seal
      Authenticity - Almost - See Integrity

     Encrypt then sign provides an indication of where the message came from,
     and 'freezes' the message content.  It has value for message transport.

     Sign then encrypt provides end-to-end C,I,A for the message content.
     Encrypt then sign only provides seal to unseal CIA.  Once the seal is
     broken (the message is decrypted) there is no residual protection, as
     your Bob and Alice scenario below demonstrates. 

Problems with "encrypt then sign" include:

If Alice encrypts-then-signs a message and sends it to Bob, Bob can
decrypt it and verify the signature, but if Bob wants to show it to
Carol, and passes on the original message and cleartext, Carol might
accuse Bob of lying about which letter arrived in which envelope.
With sign-then-encrypt, Bob can decrypt and then give the signed
message to Carol.

MILR: Agreed

With sign-then-encrypt, an adversary can't remove a signature from
the message and add his own.

MILR: Agreed

And if the text to be signed is not visible to the signer (because
it's encrypted), the signature may have little legal force.

MILR: Agreed. Which is why the king should sign the content of the envelope

Reference: "Applied Cryptography" by Bruce Schneier, section
2.7 "Digital Signatures with Encryption".

MILR: Reference: King Henry VIII

-- Dan
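
Added example (not part of the original message or of any ebXML implementation): a toy model of the two orderings discussed above, showing that an outer signature over ciphertext can be replaced without the decryption key, while an inner signature survives decryption and can be checked by a third party. The key sizes, the hash-counter cipher, and the names ALICE, MALLORY, BOB_KEY and MSG are constructed assumptions for illustration; textbook RSA without padding is not secure for real use.

```python
import hashlib

E = 65537  # public exponent shared by both toy keys

def keypair(p, q):
    """Textbook RSA from two primes -> (n, d). Toy size, no padding."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, key):
    n, d = key
    return pow(digest(data, n), d, n)

def verify(data, sig, n):
    return pow(sig, E, n) == digest(data, n)

def xor_stream(key, data):
    """Toy cipher: SHA-256 counter keystream XOR; the same call decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

# Constructed values: keys built from Mersenne primes, made-up message.
ALICE = keypair(2**89 - 1, 2**107 - 1)
MALLORY = keypair(2**61 - 1, 2**127 - 1)
BOB_KEY = b"constructed key shared by Alice and Bob"
MSG = b"Pay the bearer 100 crowns."

def encrypt_then_sign():
    """Outer signature covers only ciphertext, so anyone can replace it."""
    ct = xor_stream(BOB_KEY, MSG)
    alice_sig = sign(ct, ALICE)
    swapped = sign(ct, MALLORY)  # made without BOB_KEY or the plaintext
    return (verify(ct, alice_sig, ALICE[0]),
            verify(ct, swapped, MALLORY[0]),   # Bob now credits Mallory
            xor_stream(BOB_KEY, ct))

def sign_then_encrypt():
    """Signature travels inside the ciphertext and survives decryption."""
    sig = sign(MSG, ALICE).to_bytes(32, "big")
    opened = xor_stream(BOB_KEY, xor_stream(BOB_KEY, MSG + sig))  # Bob decrypts
    body, inner = opened[:-32], int.from_bytes(opened[-32:], "big")
    return body, verify(body, inner, ALICE[0])  # Carol needs no BOB_KEY
```

In the first function both signatures verify over the same ciphertext, so the receiver cannot tell from the envelope alone who wrote the content; in the second, the pair (body, inner) is what Bob would hand to Carol.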
