[86700] in cryptography@c2.net mail archive
Re: Public key encrypt-then-sign or sign-then-encrypt?
daemon@ATHENA.MIT.EDU (Jeff.Hodges@KingsMountain.com)
Fri Apr 27 22:14:04 2007
To: Mads Rasmussen <mads@lsitec.org.br>
cc: cryptography@metzdowd.com
In-reply-to: Mads Rasmussen <mads@lsitec.org.br> 's message of
Wed, 25 Apr 2007 15:24:06 -0300
Reply-to: Jeff.Hodges@KingsMountain.com
From: Jeff.Hodges@KingsMountain.com
Date: Thu, 26 Apr 2007 15:18:15 -0700
There's also this paper..
Donald T. Davis, "Defective Sign & Encrypt in S/MIME, PKCS#7, MOSS, PEM, PGP,
and XML.", Proc. Usenix Tech. Conf. 2001 (Boston, Mass., June 25-30, 2001),
pp. 65-78
http://world.std.com/~dtd/#sign_encrypt
..which addresses some of the questions, in a certain context, that Travis
raised.
=JeffH
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
