On Wed, May 02, 2007 at 09:29:39AM -0600, Anne & Lynn Wheeler wrote:
> where there is possibly the suggestion that if the only thing being
> performed is authentication (and doesn't require either integrity
> and/or privacy) ... then possibly a totally different protocol be
> utilized (rather than digital signature)

This reminds me a bit of a suggestion I once heard for protocol designers that the messages of the various steps of the protocol include a step number or something like it to prevent cut-and-paste attacks (presumably each message has some redundancy to protect the integrity/authenticity as well, like a running hash covering all the previous messages (in this direction)).

I wonder if something similar couldn't be done with digital signatures, where the input is padded with data that indicates the semantics of the signature; not unlike the forms which say "by signing here I agree that..."

This also makes it very difficult for the opponent to do any kind of chosen-plaintext trickery since the plaintext will be framed with this data that the opponent does not control, but that is also true with other padding options and such.

-- 
Kill dash nine, and its no more CPU time, kill dash nine, and that process is mine. -><-
<URL:http://www.subspacefield.org/~travis/>
For a good time on my UBE blacklist, email [EMAIL PROTECTED]
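
The framing idea in the message above, as an added example that is not part of the original post: the signed input carries a purpose label, a step number and a running hash of earlier messages, so a tag made for one context fails to verify in any other. Assumptions: HMAC-SHA256 stands in for the digital signature primitive so the code runs on the standard library alone, and the key, labels and message are constructed sample values.

```python
import hashlib
import hmac
import struct


def _field(data: bytes) -> bytes:
    # Length-prefix every variable-length field so field boundaries are unambiguous.
    return struct.pack(">I", len(data)) + data


def frame(purpose: bytes, step: int, transcript: bytes, message: bytes) -> bytes:
    # Signed input = purpose label + step number + running hash + payload.
    # The peer controls at most `message`; the rest is fixed by the protocol.
    return _field(purpose) + struct.pack(">I", step) + _field(transcript) + _field(message)


def sign(key: bytes, purpose: bytes, step: int, transcript: bytes, message: bytes) -> bytes:
    # Assumption: HMAC-SHA256 stands in for the digital signature primitive.
    return hmac.new(key, frame(purpose, step, transcript, message), hashlib.sha256).digest()


def verify(key, purpose, step, transcript, message, tag) -> bool:
    expected = sign(key, purpose, step, transcript, message)
    return hmac.compare_digest(expected, tag)


def extend(transcript: bytes, message: bytes) -> bytes:
    # Running hash over all previous messages in this direction.
    return hashlib.sha256(transcript + _field(message)).digest()


def demo() -> dict:
    key = b"constructed-demo-key"            # constructed sample value
    auth, contract = b"auth-only/v1", b"contract-agreement/v1"  # hypothetical labels
    msg1 = b"challenge-response: 41c7"       # constructed sample message
    t0 = b""
    tag1 = sign(key, auth, 1, t0, msg1)
    t1 = extend(t0, msg1)
    return {
        "honest": verify(key, auth, 1, t0, msg1, tag1),
        "pasted_into_step_2": verify(key, auth, 2, t1, msg1, tag1),
        "same_step_wrong_history": verify(key, auth, 1, t1, msg1, tag1),
        "reused_as_contract": verify(key, contract, 1, t0, msg1, tag1),
    }


if __name__ == "__main__":
    print(demo())
```

Only the first check succeeds; the same bytes and tag are rejected once the step number, the message history or the stated purpose differs.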
