[cryptography] Is it just me or is this fundamentally broken?

ianG iang at iang.org
Tue Mar 5 07:17:19 EST 2013


On 5/03/13 02:42 AM, Peter Gutmann wrote:
> Quoting http://xmpp.org/extensions/xep-0027.html#signing:
>
>    Signing enables a sender to verify that they sent a certain block of text.
>    [...] The text that is signed MAY be the empty string.
>
> (There's no metadata or anything there, just a raw signature).



The crux of the problem is, what does the signature mean?  What is the 
claim that is being made by the key when it signs that data?

In the above, the sender verifies they sent a certain block of text.

Not much meat there, but we can try it.  If that's it, and the sender 
insists on sending "nothing" (perhaps in answer to a question to which 
the answer is "nothing") then the signer still needs a way to indicate 
"I'm sending nothing."  Elsewise the protocol mechanics of ACKs and so 
forth mean that the other side will continue to say "I'm not hearing 
nothing from you, please send nothing again..."  Over and over...

Without that understanding, we're floating.  It's like asking whether an 
empty beer glass is cheating in a drinking game, before we've 
established the rules of the game.





iang


