At Thu, 24 Jul 2008 17:09:17 -0400, Bruce Lowekamp wrote: > > Cullen Jennings wrote: > > > > This issues is brought up in section 7.1 > > _______________________________________________ > > P2PSIP mailing list > > [email protected] > > https://www.ietf.org/mailman/listinfo/p2psip > > > > For those who haven't looked, the question is whether we need to include > the signer's identity in the data signature input. The draft currently > does not. I'm not aware of any reason to do so (assuming reasonble > numbers of bits being used for the keys).
So, the usual rationale here is to prevent substitution attacks. For instance, an attacker gets a certificate with your public key but his name and then takes a message you signed and rebadges it as a message he wrote. It's not clear that this is useful in any practical setting, but since it's not expensive to prevent, I was sort of thinking it was worth doing. -Ekr _______________________________________________ P2PSIP mailing list [email protected] https://www.ietf.org/mailman/listinfo/p2psip
