On Tue, Jul 31, 2018 at 06:14:18PM +0200, Jakob Bohm wrote: > > CMS works fine for small messages, and could even be used to construct > > the integrity-protected chunks in a higher-level protocol. CMS is > > not appropriate for multi-gigabyte or terabyte, ... datasets. > > Actually, the CMS format itself is clearly designed for streamed decoding. It is not, because there is no integrity protection until you reach the end of the message. In a packetized format designed for streaming, each chunk and their sequencing is integrity protected, streaming extractors are only exposed to (tamper-evident) truncation attacks. -- Viktor. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
