Defective sign & Encrypt in S/MIME, PKCs#7, Moss, PEM, PGP, and XML

Proceedings of the 2001 USENIX Annual Technical Conference

Volumn , Issue , 2001, Pages

  Davis, Don ^a,b  

^a Shym Technology   (United States)

^b Curl Corp   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

XML;

APPLICATION PROGRAMMERS; COMMERCIAL USERS; COMMON FEATURES; E-MAIL PROTOCOL; SECURE DOCUMENTS; SECURITY APPLICATION; SECURITY PRACTICE; XML ENCRYPTION;

CRYPTOGRAPHY;

EID: 85084160476     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (29)

1. M. Abadi and R. Needham, "Prudent Engineering Practice for Cryptographic Protocols," Digital SRC Research Report #125 (June 1, 1994).
2. R. Anderson and R. Needham, "Robustness Principles for Public Key Protocols," in Lecture Notes in Computer Science 963, Don Copper-smith (Ed.), Advances in Cryptology- CRYPTO '95, pp. 236-247. Springer-Verlag, 1995.
3. S. Crocker, N. Freed, J. Galvin, S. Murphy, Internet RFC 1848 "MIME Object Security Services," October 1995. http://www.faqs.org/rfcs/rfcl848.html
4. M. Burrows, M. Abadi, and R. Needham, "A Logic of Authentication," Proc. R. Soc. Lond. A 426(1989) pp. 233-271.
5. T. Dierks and C. Allen, Internet RFC 2246 "The TLS Protocol Version 1.0," January 1999. ftp://ftp.isi.edu/in-notes/rfc2246.txt
6. D. Eastlake, J. Reagle, and D. Solo (Editors), "XML-Signature Syntax and Processing: W3C Working Draft 18-September-2000," http://www.w3.org/TR/xmldsig-core/
7. P. Hoffman, Internet RFC 2634 "Enhanced Security Services for S/MIME," June 1999. ftp://ftp.isi.edu/in-notes/rfc2634.txt [8] Paul Hoffman, personal communication.
8. R. Housley, Internet RFC 2630 "Cryptographic Message Syntax," June 1999. ftp://ftp.isi.edu/in-notes/rfc2630.txt
9. Russ Housley, personal communication.
10. C. FAnson and C. Mitchell, "Security Defects in CCITT Recommendation X.509 - The Directory Authentication Framework," ACM Comp. Comm. Rev., (Apr '90), pp. 30-34.
11. B. Fraser, T.Y. Ts'o, J. Schiller, M. Leech, "IP Security Protocol (IPSEC) Charter," http://www.ietf.org/html.charters/ipsec-charter.html
12. A. Joux and R. Lercier, "Discrete logarithms in GF(p)", April 17 2001. Announcement on the Number Theory Mailing List NMBRTHRY. http://www.medicis.polytechnique.fr//~lercier/talk/ecc99.ps.gz.
13. International Telegraph and Telephone Consultative Committee (CCITT). Recommendation X.509: The Directory - Authentication Framework. In Data Communications Network Directory, Recommendations X.500-X.521, pp. 48-81. Vol. 8, Fascicle 8.8 of CCITT Blue Book. Geneva: International Telecommunication Union, 1989.
14. J. Linn, Internet RFCs 989, 1040, 1113, 1421, "Privacy Enhancements for Internet Electronic Mail: Part 1: Message Encryption and Authentication Procedures," February 1987, January 1988, August 1989, February 1993. ftp://ftp.isi.edu/in-notes/rfc{989,1040}.txt ftp://ftp.isi.edu/in-notes/rfc{1113,1421}.txt
15. John Linn, personal communication.
16. Stephen Kent, personal communication.
17. C. Meadows, "Verification of Security Protocols," lecture at 1996 RSA Cryptographers' Colloquium, Palo Alto, CA.
18. C. Neuman and J. Kohl, Internet RFC 1510 "The Kerberos Network Authentication Service (V5)", September 1993. ftp://ftp.isi.edu/innotes/rfcl510.txt
19. B. Ramsdell, Internet RFC 2633 "S/MIME Version 3 Message Specification," June 1999. ftp://ftp.isi.edu/in-notes/rfc2633.txt
20. R. Rivest, A, Shamir, L. Adleman, "A Method for Obtaining Digital Signatures and Public-Key Cryptosystems," Comm. ACM, v. 21, 2, Feb. '78, pp. 120-126.
21. RSA Laboratories, "PKCS#1: RSA Cryptography Standard," version 2.0. Amendment 1: "Multi-Prime RSA." http://www.rsasecurity.com/rsalabs/pkcs/pkcs-1/
22. RSA Laboratories, "PKCS#7: Cryptographic Message Syntax Standard," Version 12.5, Nov. 1, 1993. http://www.rsasecurity.com/rsalabs/pkcs/pkcs-7/
23. RSA Laboratories, "PKCS#9 v2.0: Selected Object Classes and Attribute Types," February 25, 2000. http://www.rsasecurity.com/rsalabs/pkcs/pkcs-9/
24. Joseph Reagle, personal communication.
25. J. Reagle, "XML Encryption Requirements," W3C Working Draft 2001-April-20, http://www.w3.org/TR/2001/WD-xmlencryption-req-20010420.
26. Ed Simon, personal communication.
27. Visa International and MasterCard, "Secure Electronic Transactions Protocol Specification," http://www.setco.org/set_specifications.html.
28. P. Zimmermann, "The Official PGP User's Guide," MIT Press (1995).
29. P. Zimmermann, "A Proposed Standard Format for RSA Cryptosystems," IEEE Computer 19(9): 21-34 (1986).