[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Cypherpunk Certification Authority
- To: [email protected]
- Subject: Re: Cypherpunk Certification Authority
- From: [email protected]
- Date: Sun, 26 Nov 1995 01:53:12 -0800
- Comments: This message is NOT from the person listed in the Fromline. It is from an automated software remailing service operating atthat address.THE PORTAL SYSTEM DOES NOT CONDONE OR APPROVE OF THE CONTENTS OF THISPOSTING. Please report problem mail to <[email protected]>.
- Sender: [email protected]
On Sat, 25 Nov 1995, Adam Shostack wrote:
> Does X.509 version 3 fix the problem that Ross Anderson points
> out in his 'Robustness Principles' paper? (Crypto '95 proceedings, or
> Its an excellent paper, well worth reading, but the basic
> problem is that X.509 encrypts before signing.
You'd rather sign before encryption??
Doesn't that give you "known plain-text" to attack? i.e. the signature.
I'm not sure whether it would or wouldn't, but I'm sure some
cryptographers here might clear that up mighty quick -- before any more
harm is allowed, I mean.
> "It is seldom that liberty of any kind is lost all at once."
Alice de 'nonymous ...
...just another one of those...
P.S. This post is in the public domain.
C. S. U. M. O. C. L. U. N. E.