[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Cypherpunk Certification Authority

On Sat, 25 Nov 1995, Adam Shostack wrote:

> 	Does X.509 version 3 fix the problem that Ross Anderson points
> out in his 'Robustness Principles' paper? (Crypto '95 proceedings, or
> ftp.cl.cam.ac.uk/users/rja14/robustness.ps.Z)
> 	Its an excellent paper, well worth reading, but the basic
> problem is that X.509 encrypts before signing.

You'd rather sign before encryption??

Doesn't that give you "known plain-text" to attack?  i.e. the signature.

I'm not sure whether it would or wouldn't, but I'm sure some
cryptographers here might clear that up mighty quick -- before any more
harm is allowed, I mean. 

> Adam
> -- 
> "It is seldom that liberty of any kind is lost all at once."
> 					               -Hume

Alice de 'nonymous ...

                                  ...just another one of those...

P.S.  This post is in the public domain.
                  C.  S.  U.  M.  O.  C.  L.  U.  N.  E.