[cryptography] Is it just me or is this fundamentally broken?
iang at iang.org
Tue Mar 5 07:17:19 EST 2013

On 5/03/13 02:42 AM, Peter Gutmann wrote:
> Quoting http://xmpp.org/extensions/xep-0027.html#signing:
>
> Signing enables a sender to verify that they sent a certain block of text.
> [...] The text that is signed MAY be the empty string.
>
> (There's no metadata or anything there, just a raw signature).

The crux of the problem is, what does the signature mean? What is the
claim that is being made by the key when it signs that data?

In the above, the sender verifies they sent a certain block of text.
Not much meat there, but we can try it. If that's it, and the sender
insists on sending "nothing" (perhaps in answer to a question to which
the answer is "nothing") then the signer still needs a way to indicate
"I'm sending nothing." Elsewise the protocol mechanics of ACKs and so
forth mean that the other side will continue to say "I'm not hearing
nothing from you, please send nothing again..." Over and over...

Without that understanding, we're floating. It's like asking whether an
empty beer glass is cheating in a drinking game, before we've
established the rules of the game.
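
An added illustration, not part of the original message or of XEP-0027: a raw signature over the text alone next to a signature over an explicit claim, to show why an empty text only means something once the claim is spelled out. HMAC-SHA256 stands in for a public-key signature, and the envelope fields, key and addresses are assumptions constructed for the example.

```python
import hashlib
import hmac
import json

# Constructed demo key. HMAC-SHA256 stands in for a public-key signature
# (assumption, so the example runs on the standard library alone).
KEY = b"constructed-demo-key"

def sign(data: bytes) -> bytes:
    return hmac.new(KEY, data, hashlib.sha256).digest()

def verify(data: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign(data), sig)

def raw_sign(text: str) -> bytes:
    """Raw signature over the text alone, with no metadata."""
    return sign(text.encode("utf-8"))

def claim_bytes(sender: str, recipient: str, seq: int, text: str) -> bytes:
    """Hypothetical envelope: spells out the claim the key is making."""
    claim = {"claim": "sent-text", "from": sender, "to": recipient,
             "seq": seq, "text": text}
    # Canonical encoding so signer and verifier hash identical bytes.
    return json.dumps(claim, sort_keys=True, separators=(",", ":")).encode("utf-8")

def envelope_sign(sender, recipient, seq, text):
    return sign(claim_bytes(sender, recipient, seq, text))

def envelope_verify(sender, recipient, seq, text, sig):
    return verify(claim_bytes(sender, recipient, seq, text), sig)

def demo() -> dict:
    a, b = "alice@example.org", "bob@example.org"  # constructed addresses
    raw = raw_sign("")
    first = envelope_sign(a, b, 1, "")
    return {
        # Every raw signature over "" is the same bytes: nothing says which
        # "nothing" it answers, who it was for, or what is being claimed.
        "raw_empty_indistinguishable": raw == raw_sign(""),
        "raw_verifies_without_context": verify(b"", raw),
        # With an explicit claim, an empty text is a distinct, checkable statement.
        "envelope_empty_accepted": envelope_verify(a, b, 1, "", first),
        "envelope_other_seq_rejected": not envelope_verify(a, b, 2, "", first),
        "envelope_other_recipient_rejected":
            not envelope_verify(a, "carol@example.org", 1, "", first),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```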