For privacy reasons, the Plasma server is not permitted to see the message content being sent from the sender to the recipient.
The Plasma server gets the KEK and not the CEK. The Plasma server encrypts the OtherKeyAttribute, not the message. I will need to re-read the documents, but if you point out where this is not clear it would help.

Jim

From: [email protected] [mailto:[email protected]] On Behalf Of Dan Griffin
Sent: Wednesday, June 27, 2012 1:54 PM
To: [email protected]
Subject: [plasma] Encrypted KEK and/or encrypted

In the Plasma CMS extensions, the KEKRecipientInfo includes a member of type EncryptedKey. To confirm, is it intended that that KEK byte array be encrypted in addition to the outer P7 message being encrypted, both by the Plasma server? It would seem that the desired solution is for the Plasma server to encrypt the entire CMS data, for privacy purposes, and that therefore encrypting internal data members is redundant.

Thanks.
_______________________________________________
plasma mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/plasma
