[43950] in Cypherpunks

home help back first fref pref prev next nref lref last post

Re: Cypherpunk Certification Authority

daemon@ATHENA.MIT.EDU (anonymous-remailer@shell.portal.co)
Sun Nov 26 04:57:49 1995

Date: Sun, 26 Nov 1995 01:53:12 -0800
To: cypherpunks@toad.com
From: anonymous-remailer@shell.portal.com

On Sat, 25 Nov 1995, Adam Shostack wrote:

> 	Does X.509 version 3 fix the problem that Ross Anderson points
> out in his 'Robustness Principles' paper? (Crypto '95 proceedings, or
> ftp.cl.cam.ac.uk/users/rja14/robustness.ps.Z)
> 
> 	Its an excellent paper, well worth reading, but the basic
> problem is that X.509 encrypts before signing.

You'd rather sign before encryption??

Doesn't that give you "known plain-text" to attack?  i.e. the signature.

I'm not sure whether it would or wouldn't, but I'm sure some
cryptographers here might clear that up mighty quick -- before any more
harm is allowed, I mean. 

> Adam
> 
> -- 
> "It is seldom that liberty of any kind is lost all at once."
> 					               -Hume


Alice de 'nonymous ...

                                  ...just another one of those...


P.S.  This post is in the public domain.
                  C.  S.  U.  M.  O.  C.  L.  U.  N.  E.



home help back first fref pref prev next nref lref last post