Re: PublicKeyFile Format Security Considerations

To: "Brent McClure" <mcclure%swcp.com@localhost>
Subject: Re: PublicKeyFile Format Security Considerations
From: Bill Sommerfeld <sommerfeld%east.sun.com@localhost>
Date: Fri, 25 Jul 2003 19:25:44 -0400

>   The file format described by this document provides no mechanism
>   to verify the integrity or otherwise detect tampering of the
>   data stored in such files. It is the responsibility of the parties
>   that create or exchange files written in this format to ensure that 
>   appropriate access controls are applied to such files, and that 
>   the files, if transfered, are exchanged over a trusted channel.
> 
>   The data encoded using this file format is sensitive. 

"sensitive" in what sense?  

>   Implementors are cautioned to verify the correctness of the
>   encoding/decoding routines used to save and read files in this
>   format. A malfunctioning decoder used to read a public-key file
>   will most likely produce unsound data of unknown cryptographic
>   properties that in the worst case could be vulnerable various
>   forms of cryptographic attack.

					- Bill

Follow-Ups:
- Re: PublicKeyFile Format Security Considerations
  - From: RJ Atkinson
- Re: PublicKeyFile Format Security Considerations
  - From: Brent McClure

References:
- Re: PublicKeyFile Format Security Considerations
  - From: Brent McClure

Prev by Date: Re: PublicKeyFile Format Security Considerations
Next by Date: Re: PublicKeyFile Format Security Considerations
Previous by Thread: Re: PublicKeyFile Format Security Considerations
Next by Thread: Re: PublicKeyFile Format Security Considerations
Indexes:

Home | Main Index | Thread Index | Old Index