Question... If (1) WS-Security is used, and (2) the message body is super-encrypted, is there ANY need for digital signatures? Thx, -Matt Long Phalanx...
Hello, As some evil spammer is spamming half of taiwan using this alias as the from: field, it is off-line. Please use an alternate email address to contact...
... A digital signature (at least public-key based) tells you two things: That content wasn't modified in transit Who the sender was -- the holder of the...
Hi Rich, If it is modified in transit, would it not fail to decrypt from the receiver's pov. With the caveat that WS-Security is used to identify the sender...
... But if it's typical XML-Encryption, then anyone can create new fake content. Data is encrypted with a bulk key (3DES or AES), and that session key is...
I'm using Axis 1.1 to communicate with a .Net server that uses a custom header for passing authentication information. I've used WSDL2Java to create proxy...
Here's the scenario. (1) Sender generates an RC2 key-pair. (2) Sender encrypts the RC2 Key (not the IV) via RSA using the sender's RSA private key. (3) Sender...
Clever idea. Just because I haven't heard of it doesn't mean it's not known to real cryptographers, of course. :) One of the best lists for discussing this...
Hello all, I was referred to this group from a link on soaplite.com I'm wondering... does anybody use the built-in "Chat" feature included with this Yahoo!...
... There is nothing wrong with the dsig, but it's overhead (and plenty of it). IMHO, the necessity for large and scalable secure applications is great. I ...
In talking it over with a colleague here, we did find one weakness in your scheme. Once the recipient has unwrapped the outer part, and then unwrapped the...
... You are correct, but sender-2-recipient is secured AFAIK, e.g., using SSL to send credit card info to a processor doesn't guarantee the processor isn't ...
... Since VISA is liable for any fraud if they publish your ccard number, there is strong incentive for them to not do that kind of thing. Similarly, there are...
... Yes; the weaknesses are pretty much the same: with a symmetric key either side can forge content. But for Ccards over the web, the out-of-band framework...
... Hmmm...under my scenario the content can be duplicated, but not altered. Because the receiver does not have the private key of the sender, i.e., the ...
... Perhaps I don't understand. I was talking about re-using the cipher to create a modified message. The adversary (compromised recipient) doesn't need to...
Allow me to try this with a little pseudo-math. Encryption for Sender: SymmetricKey1 = TripleDES(IV1,Key1) CipherValue1 = Encrypt[TripleDES(MyMessage)] ...
Good -- a common notation. :) Now, a compromised receiver does the following. First, get the keys: Key2 = RSA_Decrypt[OuterEncryptedKey] [using receiver's RSA...
... But BadCipher1 now has RSA_Encrypt(Key1) from the receiver and not the original sender, because the receiver never had access to the sender's RSA private...
... No, use the original encrypted Key1. ... Right, but there's no proof of what content the sender provided. More precisely, the proof is "who generated...
... Thanks, I'm clear now. Receiver decrypts both wrappers then reuses RSA_Encrypted(Key) for the outbound traffic. Now, my trusted intermediary/trust-broker...
...up, everyone? I've been looking through the message archives here, and have noticed that about half of the questions/messages posted on this list never get...
This list is targeted at people building SOAP toolkits to cover spec issues, cross toolkit interop issues etc., not for people building applications that use...
Hm. This is your second posting. It's a complaint, basically, that you didn't get any responses to your general question posted less than 36 hours before. ...
A simpler fix is for the sender to do SHA1(message), and then encrypt (key1+digest) with their private key. That's simpler because it's a classic digital...
... This list is targeted at people building SOAP toolkits to cover spec issues, cross toolkit interop issues etc., not for people building applications that...
Hi gurus, I hope I am sending this query to the right group. I have been facing a problem with signing soap attachments. My intention is to create an envelope...