[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Cypherpunk Certification Authority

To: [email protected]
Subject: Re: Cypherpunk Certification Authority
From: [email protected]
Date: Sun, 26 Nov 1995 01:53:12 -0800
Comments: This message is NOT from the person listed in the Fromline. It is from an automated software remailing service operating atthat address.THE PORTAL SYSTEM DOES NOT CONDONE OR APPROVE OF THE CONTENTS OF THISPOSTING. Please report problem mail to <[email protected]>.
Sender: [email protected]

On Sat, 25 Nov 1995, Adam Shostack wrote:

> 	Does X.509 version 3 fix the problem that Ross Anderson points
> out in his 'Robustness Principles' paper? (Crypto '95 proceedings, or
> ftp.cl.cam.ac.uk/users/rja14/robustness.ps.Z)
> 
> 	Its an excellent paper, well worth reading, but the basic
> problem is that X.509 encrypts before signing.

You'd rather sign before encryption??

Doesn't that give you "known plain-text" to attack?  i.e. the signature.

I'm not sure whether it would or wouldn't, but I'm sure some
cryptographers here might clear that up mighty quick -- before any more
harm is allowed, I mean. 

> Adam
> 
> -- 
> "It is seldom that liberty of any kind is lost all at once."
> 					               -Hume

Alice de 'nonymous ...

                                  ...just another one of those...

P.S.  This post is in the public domain.
                  C.  S.  U.  M.  O.  C.  L.  U.  N.  E.

Follow-Ups:
- Re: Cypherpunk Certification Authority
  - From: James Black <[email protected]>

Prev by Date: Re: Cypherpunk Certification Authority
Next by Date: BOS_nya
Prev by thread: Re: Cypherpunk Certification Authority
Next by thread: Re: Cypherpunk Certification Authority
Index(es):
- Date
- Thread