
How does XML Signature prevent repudiation if KeyInfo included?


jacksu

Sep 2, 2005, 2:46:52 PM9/2/05
Hi all,

Thanks for your time in helping me clear up my confusion.

Take the following XML signature:

<Signature>
  <SignedInfo>
    ....
    <DigestValue>.....</DigestValue>
  </SignedInfo>
  <SignatureValue>....</SignatureValue>
  <KeyInfo>
    <X509Data>
      <X509Certificate>....</X509Certificate>
    </X509Data>
  </KeyInfo>
</Signature>

If I change the message totally, supply my own DigestValue and my own
SignatureValue, and send my own X509Certificate with only the DN the same
as the original sender's, how does the receiver tell the message was changed?

Thanks.

Martin Gudgin

Sep 7, 2005, 1:26:17 AM9/7/05
The answer is, the receiver can't tell the message was changed. But then you
need not have changed someone else's message; you could have just sent a new
message you created yourself. If your certificate is one the receiver will
trust, then you can send messages to the receiver, period. If your
certificate has the same X.500 Distinguished Name as the original sender,
then the service will have some difficulty telling the two of you apart.

I think the way around this is to either make sure the Certificate Authority
doesn't issue more than one certificate with the same X.500 Distinguished
Name, or have the service know which certificate (or associated public key)
it's expecting for a given X.500 Distinguished Name (the latter is somewhat
problematic in terms of deployment, as it would mean installing the sender
certificate on the service in advance).

Gudge

"jacksu" <jack...@gmail.com> wrote in message
news:1125686812.8...@g49g2000cwa.googlegroups.com...
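As an added example (not part of this thread, and not code from either poster), the following Go program plays out the situation Gudge describes: one CA has issued two certificates with the same DN, and the receiving service either stops at chain validation plus a DN match, or also pins the public key it expects for that DN. It uses only the Go standard library and stands in for XML Signature with a minimal envelope (message, signature, KeyInfo certificate) rather than the real canonicalised format. The CA, the subject names "Example CA" and "Alice", the organisation "Example Corp", the Ed25519 keys and the sample messages are all constructed for the demo and do not come from the thread.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

// Envelope stands in for the parts of an XML Signature that matter here: the signed content, the
// SignatureValue and the X509Certificate in KeyInfo. It is a deliberate simplification, not the real format.
type Envelope struct {
	Message   []byte
	Signature []byte // Ed25519 signature over Message
	CertDER   []byte // KeyInfo/X509Data/X509Certificate, DER encoded
}

func check(err error) { // test-setup failures abort the demo
	if err != nil {
		panic(err)
	}
}

// issue creates an Ed25519 certificate for cn signed by parent, or a self-signed CA when parent is nil.
func issue(serial int64, cn string, parent *x509.Certificate, parentKey ed25519.PrivateKey) (ed25519.PrivateKey, *x509.Certificate) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	check(err)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: cn, Organization: []string{"Example Corp"}}, // constructed names
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	if parent == nil { // self-signed CA
		tmpl.IsCA, tmpl.BasicConstraintsValid, tmpl.KeyUsage = true, true, tmpl.KeyUsage|x509.KeyUsageCertSign
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return key, cert
}

// sign builds an Envelope whose KeyInfo carries the signer's own certificate.
func sign(key ed25519.PrivateKey, cert *x509.Certificate, msg []byte) *Envelope {
	return &Envelope{Message: msg, Signature: ed25519.Sign(key, msg), CertDER: cert.Raw}
}

// verify checks an Envelope the way a receiving service would. With pinnedSPKI == nil it is the
// chain-plus-DN policy Gudge's reply calls insufficient: anyone holding a trusted certificate with
// that DN passes. With a pin it also requires the KeyInfo key to be the one the service expects for
// the DN (the reply's second mitigation), so a second certificate with the same DN is rejected.
func verify(env *Envelope, roots *x509.CertPool, expectedDN string, pinnedSPKI *[32]byte) error {
	cert, err := x509.ParseCertificate(env.CertDER)
	if err != nil {
		return err
	}
	if _, err := cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}); err != nil {
		return err
	}
	if cert.Subject.String() != expectedDN {
		return errors.New("unexpected subject DN")
	}
	if pinnedSPKI != nil && sha256.Sum256(cert.RawSubjectPublicKeyInfo) != *pinnedSPKI {
		return errors.New("KeyInfo key is not the key pinned for this DN")
	}
	if pub, ok := cert.PublicKey.(ed25519.PublicKey); !ok || !ed25519.Verify(pub, env.Message, env.Signature) {
		return errors.New("signature does not verify under the KeyInfo certificate")
	}
	return nil
}

// Scenario is the situation from the post: one CA has issued two certificates with the same DN,
// one to the real sender and one to an impostor who signs his own message with his own key.
type Scenario struct {
	Roots                     *x509.CertPool
	DN                        string    // the subject DN the service expects in KeyInfo
	Pin                       [32]byte  // SHA-256 of the real sender's SubjectPublicKeyInfo
	Genuine, Tampered, Forged *Envelope // Tampered is Genuine with the content changed
}

func Build() *Scenario {
	caKey, caCert := issue(1, "Example CA", nil, nil)
	senderKey, senderCert := issue(2, "Alice", caCert, caKey)
	impostorKey, impostorCert := issue(3, "Alice", caCert, caKey) // same DN, different key pair
	roots := x509.NewCertPool()
	roots.AddCert(caCert)
	genuine := sign(senderKey, senderCert, []byte("pay Bob 10")) // constructed sample message
	tampered := &Envelope{Message: []byte("pay Mallory 10"), Signature: genuine.Signature, CertDER: genuine.CertDER}
	forged := sign(impostorKey, impostorCert, []byte("pay Mallory 10000")) // impostor's own message
	return &Scenario{roots, senderCert.Subject.String(), sha256.Sum256(senderCert.RawSubjectPublicKeyInfo), genuine, tampered, forged}
}
```

Calling verify with a nil pin on the forged envelope succeeds, which is exactly Gudge's point: the signature is valid, the certificate chains to a trusted CA and the DN matches, so nothing in the signature itself marks the message as coming from someone else. Only the tampered envelope (the real sender's certificate and SignatureValue over altered content) is caught, because the original signature no longer matches. With the sender's SPKI fingerprint pinned, the forged envelope is rejected since its KeyInfo carries a different key; the cost is the deployment problem the reply notes, namely that the service must learn the sender's key or certificate in advance.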
