On Sat, 25 Nov 1995, Adam Shostack wrote:
Does X.509 version 3 fix the problem that Ross Anderson points out in his 'Robustness Principles' paper? (Crypto '95 proceedings, or ftp.cl.cam.ac.uk/users/rja14/robustness.ps.Z)
Its an excellent paper, well worth reading, but the basic problem is that X.509 encrypts before signing.
You'd rather sign before encryption?? Doesn't that give you "known plain-text" to attack? i.e. the signature. I'm not sure whether it would or wouldn't, but I'm sure some cryptographers here might clear that up mighty quick -- before any more harm is allowed, I mean.
Adam
-- "It is seldom that liberty of any kind is lost all at once." -Hume
Alice de 'nonymous ... ...just another one of those... P.S. This post is in the public domain. C. S. U. M. O. C. L. U. N. E.