OASIS ebXML Messaging Services TC

Re: [ebxml-msg] Sign and Encrypt

    Posted 11-05-2001 13:27
       Date: Mon, 05 Nov 2001 12:43:23 -0500
       From: "Miller, Robert (GXS)" <Robert.Miller@gxs.ge.com>
    
    I agree with David Fischer: almost always, you want to sign and
    then encrypt rather than the other way.
    
       Well now, the 'King' sealed his envelopes with a wax stamp using the ring he
       wore on his hand.
    
       Having provided some precedence for 'encrypt then sign', 
    
    I don't think this is an example of "encrypt then sign".  It's more
    like doing both at once: the sealing wax ensures confidentiality,
    integrity, and authenticity, all at once.
    
    Problems with "encrypt then sign" include:
    
    If Alice encrypts-then-signs a message and sends it to Bob, Bob can
    decrypt it and verify the signature, but if Bob wants to show it to
    Carol, and passes on the original message and cleartext, Carol might
    accuse Bob of lying about which letter arrived in which envelope.
    With sign-then-encrypt, Bob can decrypt and then give the signed
    message to Carol.
    
    With sign-then-encrypt, an adversary can't remove a signature from
    the message and add his own.
    
    And if the text to be signed is not visible to the signer (because
    it's encrypted), the signature may have little legal force.
    
    Reference: "Applied Cryptography" by Bruce Schneier, section
    2.7 "Digital Signatures with Encryption".
    
    -- Dan
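
The two orderings compared in the message above, as an added example that is not part of the original post: with encrypt-then-sign the signature sits outside the ciphertext and can be replaced in transit, while with sign-then-encrypt it stays attached to the cleartext Bob later shows Carol. The toy RSA keys, the XOR keystream cipher standing in for encryption to Bob, and every name and value are constructed assumptions, not usable cryptography.

```python
import hashlib

def keygen(p, q, e=65537):
    """Toy textbook RSA key pair (no padding): for illustration only."""
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))

def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(priv, data):
    n, d = priv
    return pow(_digest(data, n), d, n)

def verify(pub, data, sig):
    n, e = pub
    return pow(sig, e, n) == _digest(data, n)

def xor_cipher(key, data):
    """Toy SHA-256 counter keystream standing in for encryption to Bob."""
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

# Constructed keys and message (Mersenne primes keep the demo short).
ALICE_PUB, ALICE_PRIV = keygen((1 << 89) - 1, (1 << 107) - 1)
MALLORY_PUB, MALLORY_PRIV = keygen((1 << 61) - 1, (1 << 127) - 1)
BOB_KEY = b"constructed key only Alice and Bob hold"
MSG = b"I, Alice, agree to the order."
SIG_LEN = 32  # fixed-width encoding of a signature integer

def encrypt_then_sign_swap():
    """The signature sits outside the ciphertext, so it can be replaced."""
    c = xor_cipher(BOB_KEY, MSG)
    wire = (c, sign(ALICE_PRIV, c))           # what Alice sends
    wire = (wire[0], sign(MALLORY_PRIV, c))   # Alice's signature dropped in transit
    # Bob sees a valid signature, but it now names Mallory as the sender.
    return verify(MALLORY_PUB, wire[0], wire[1]) and xor_cipher(BOB_KEY, wire[0]) == MSG

def sign_then_encrypt_forward():
    """The signature travels inside the ciphertext and stays with the text."""
    sig = sign(ALICE_PRIV, MSG)
    c = xor_cipher(BOB_KEY, MSG + sig.to_bytes(SIG_LEN, "big"))
    plain = xor_cipher(BOB_KEY, c)            # Bob decrypts
    msg, sig_in = plain[:-SIG_LEN], int.from_bytes(plain[-SIG_LEN:], "big")
    # Bob hands (msg, sig_in) to Carol, who needs only Alice's public key.
    return msg == MSG and verify(ALICE_PUB, msg, sig_in)
```

Both functions return True: the first because the replaced signature verifies under the wrong sender's key, the second because Alice's signature survives decryption and can be checked by a third party.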