[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: sender-auth and ira

To: ietf-smime@xxxxxxx, jimsch@xxxxxxxxxx, rhousley@xxxxxxxxxxxxxxx
Subject: RE: sender-auth and ira
From: pgut001@xxxxxxxxxxxxxxxxx (Peter Gutmann)
Date: Fri, 26 Oct 2001 16:58:41 (NZDT)
List-archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-id: <ietf-smime.imc.org>
List-unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
Reply-to: pgut001@xxxxxxxxxxxxxxxxx
Sender: owner-ietf-smime@xxxxxxxxxxxx

"Jim Schaad" <jimsch@xxxxxxxxxx> writes:
>[Snip]
>
>I think that this is an interesting accademic problem, until I see a real
>world need for a solution I think it should be ignored.

Unaccustomed as I am to agreeing with Jim :-), I concur with this opinion.
Anything of any importance (eg electronic payment instruction, contract, etc)
which relies on signatures will include more than enough information in the
signed body to resolve any difficulties, and even if there were some pressing
demand for this (there isn't), it's not at all clear what a correct solution
would be.

Speaking of academic exercises, I'm surprised noone's mentioned Serge
Vaudenay's PKCS #5 padding attack yet...

Peter.

Prev by Date: RE: sender-auth and ira
Next by Date: Re: sender-auth and ira
Previous by thread: Re: sender-auth and ira
Next by thread: Re: sender-auth and ira
Index(es):
- Date
- Thread