[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: weak authentication issue with rfc5083

To: dbrown@xxxxxxxxxxxx, ietf-smime@xxxxxxx, ietf@xxxxxxxxxxxxxxxxx, pgut001@xxxxxxxxxxxxxxxxx, trevorf@xxxxxxxxxxxxxxxxxxxxxx
Subject: RE: weak authentication issue with rfc5083
From: pgut001@xxxxxxxxxxxxxxxxx (Peter Gutmann)
Date: Tue, 13 May 2008 02:17:29 +1200
In-reply-to: <C49217E2D694874EB820EA90DCE67619C35FA464@xxxxxxxxxxxxxxxxxxx>
List-archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-id: <ietf-smime.imc.org>
List-unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
Sender: owner-ietf-smime@xxxxxxxxxxxx

Daniel Brown <dbrown@xxxxxxxxxxxx> writes:

>This is a serious problem, imo.  If Bob receives an AuthenticatedData from
>Alice but it is not really from Alice, then there really is no
>authentication, despite the promise that AuthenticatedData provides
>authentication.  What security service is AuthenticatedData providing in this
>case?

Maybe it would have been better to call it IntegrityProtectedData :-).  That's
actually the only thing I've ever used it for, my assumption was that you sign
email and you MAC stored data.

Peter.

References:
- RE: weak authentication issue with rfc5083
  - From: Daniel Brown

Prev by Date: RE: S/MIME v3.2 IDs key size text
Previous by thread: RE: weak authentication issue with rfc5083
Next by thread: RE: weak authentication issue with rfc5083
Index(es):
- Date
- Thread