RE: secure sign & encrypt
Terje Braaten <Terje.Braaten@concept.fr> Thu, 23 May 2002 09:13 UTC
Received: from above.proper.com (mail.imc.org [208.184.76.43]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id FAA01322 for <openpgp-archive@odin.ietf.org>; Thu, 23 May 2002 05:13:31 -0400 (EDT)
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g4N92r013820 for ietf-openpgp-bks; Thu, 23 May 2002 02:02:53 -0700 (PDT)
Received: from csexch.Conceptfr.net (mail.concept-agresso.com [194.250.222.1]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g4N92oL13814 for <ietf-openpgp@imc.org>; Thu, 23 May 2002 02:02:51 -0700 (PDT)
Received: by csexch.Conceptfr.net with Internet Mail Service (5.5.2653.19) id <LPCP1L7G>; Thu, 23 May 2002 11:00:16 +0200
Message-ID: <1F4F2D8ADFFCD411819300B0D0AA862E29ABED@csexch.Conceptfr.net>
From: Terje Braaten <Terje.Braaten@concept.fr>
To: OpenPGP <ietf-openpgp@imc.org>
Subject: RE: secure sign & encrypt
Date: Thu, 23 May 2002 11:00:15 +0200
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id g4N92pL13816
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 8bit
Derek Atkins <warlord@MIT.EDU> writes: > > You seem to be under the misconception that "sigh & enrypt" is an > atomic PGP operation. It is not. There is "OpenPGP Sign" and there > is "OpenPGP Encrypt", and these two functions _can_ be combined, but > the combination is NOT a single atomic function. It never was. Well, I intended it to become an atomic function. Many users perceive it today to be an atomic function, and I think it would be really nice and a big improvement of the software if it really became a secure atomic function. > > All PGP ever had was "first sign and then encrypt". It was just > user-interface "syntactic sugar" that allows the user to perform both > tasks together. However, there is no way for a receiver to tell the > difference between a one-pass and two-pass "sign and then encrypt". That is what I see as a major weakness with PGP today. There should be a difference, and the user should be able to be sure that the signer and encrypter is the same person if atomic sign & encrypt is used. It is both very user friendly to make it that way, and it will make it more secure since it is a already a wide misconception that you can tell the difference with the current implementation. [snip] > > But the point is not to make some human readable boilerplate. The > > point is that OpenPGP software automatically should be able > to detect > > if the message has been faked to look like it is created by > > sign & encrypt when it really is not. > > What do you mean? Can you please explain what attack you believe > you are preventing? Alice makes a love poem, signs & encrypts it and sends it to Bob. Some months later they have broken up with each other. Bob decides to be mean to Alice, and encrypts the signed love poem and sends it to Charlie, faking the From header in the mail so it look likes it is from Alice. Then Charlie has a message that is encrypted to him and signed by Alice. It seems to Charlie like it is created by sign & encrypt in PGP, so he is convinced this must be a message from Alice that she has encrypted specially for him. What I would like is any PGP implementation to be able to display a message like "Good signature from nn. Warning, this message is not made with atomic sign & encrypt, and may be encrypted by some one else." -- Terje BrĂ¥ten
- secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Hal Finney
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt vedaal
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Derek Atkins
- Re: secure sign & encrypt vedaal
- Re: secure sign & encrypt Derek Atkins
- Re: secure sign & encrypt vedaal
- Re: secure sign & encrypt Jon Callas
- RE: secure sign & encrypt Terje Braaten
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt vedaal
- Re: secure sign & encrypt Derek Atkins
- RE: secure sign & encrypt Terje Braaten
- RE: secure sign & encrypt Terje Braaten
- RE: secure sign & encrypt Hal Finney
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Jon Callas
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Derek Atkins
- Re: secure sign & encrypt Peter Gutmann
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Matthew Byng-Maddick
- RE: secure sign & encrypt Dominikus Scherkl
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Derek Atkins
- Re: secure sign & encrypt Derek Atkins
- Re: secure sign & encrypt Derek Atkins
- RE: secure sign & encrypt Terje Braaten
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt David P. Kemp
- Re: secure sign & encrypt Derek Atkins
- Re: secure sign & encrypt Matthew Byng-Maddick
- RE: secure sign & encrypt Terje Braaten
- RE: secure sign & encrypt Dominikus Scherkl
- RE: secure sign & encrypt Dominikus Scherkl
- Re: secure sign & encrypt disastry
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt disastry
- Re: secure sign & encrypt Derek Atkins
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Derek Atkins
- RE: secure sign & encrypt Terje Braaten
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Derek Atkins
- Re: secure sign & encrypt Derek Atkins
- RE: secure sign & encrypt Terje Braaten
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Peter Gutmann
- Re: secure sign & encrypt Michael Young
- Re: secure sign & encrypt Paul Hoffman / IMC
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Brian M. Carlson
- Re: secure sign & encrypt Jon Callas
- Re: secure sign & encrypt Adrian 'Dagurashibanipal' von Bidder
- RE: secure sign & encrypt john.dlugosz
- RE: secure sign & encrypt Terje Braaten