Digital signatures have a big problem with meaning
Ben Laurie
ben at algroup.co.uk
Tue Jun 7 08:37:08 EDT 2005
Anne & Lynn Wheeler wrote:
> Peter Gutmann wrote:
>
>> That cuts both ways though. Since so many systems *do* screw with
>> data (in
>> insignificant ways, e.g. stripping trailing blanks), anyone who does
>> massage
>> data in such a way that any trivial change will be detected is going
>> to be
>> inundated with false positives. Just ask any OpenPGP implementor about
>> handling text canonicalisation.
>
>
> this was one of the big issues in the asn.1 encoding vis-a-vis xml
> encoding wars.
>
> asn.1 encoding provided deterministic encoding for signed material,
You mean it _would_ have done if anyone could implement it correctly.
Sadly, experience shows that no-one can.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list