- marked as enhancement
Messages - Rationale for signing and encryption order needed
Issue #344
resolved
The spec currently says “When the message is both signed and encrypted, it MUST be signed first then encrypted.” Rationale for this order should be added to the spec.
Comments (5)
reporter I'm fine with this being addressed with a line in the Security Considerations section.
assigned issue to
- changed status to open
Add some explanation text right after the original clause.
assigned issue to
- changed status to resolved
Fix
#344 Messages - Rationale for signing then encrypting added to security -
I added it to Security Considerations and referenced it, as it was in several places.
Noted.
This is a spec and not a whitepaper.
For people who have been working on dsig, it is obvious that otherwise it is not legally viable. Think of the case of encrypting the content with the receiver's public key first and then signing over it. It is signing something the signer cannot see the content of. Thus, it is invalid as a digital signature. (It is only valid as MAC/Integrity.)