Mailing List metaissue
john.dlugosz@kodak.com Mon, 10 June 2002 18:22 UTC
Received: from above.proper.com (mail.proper.com [208.184.76.45]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA17566 for <openpgp-archive@odin.ietf.org>; Mon, 10 Jun 2002 14:22:47 -0400 (EDT)
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g5AIGTT22682 for ietf-openpgp-bks; Mon, 10 Jun 2002 11:16:29 -0700 (PDT)
Received: from kodakr.kodak.com (kodakr.kodak.com [192.232.119.69]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g5AIGRn22677 for <ietf-openpgp@imc.org>; Mon, 10 Jun 2002 11:16:27 -0700 (PDT)
Received: from knotes.kodak.com (knotes2.ko.kodak.com [150.221.122.53]) by kodakr.kodak.com (8.11.1/8.11.1) with ESMTP id g5AIGoB29409; Mon, 10 Jun 2002 14:16:50 -0400 (EDT)
Subject: Mailing List metaissue
To: karlsson@hal-pc.org
Cc: ietf-openpgp@imc.org
From: john.dlugosz@kodak.com
Date: Mon, 10 Jun 2002 13:16:24 -0500
Message-ID: <OF63A427F1.F2CF7CD9-ON86256BD4.00644561@kodak.com>
X-MIMETrack: Serialize by Router on KNOTES2/ISBP/EKC(Release 5.0.10 |March 22, 2002) at 06/10/2002 02:16:26 PM
MIME-Version: 1.0
Content-type: multipart/mixed; Boundary="0__=09BBE147DFF7C3F18f9e8a93df938690918c09BBE147DFF7C3F1"
Content-Disposition: inline
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
From: John Dlugosz Any idea why the list sent me 15 copies of this? I've been getting dups from several of y'all, but this one just keeps on going and going... "Brian M. Carlson" <karlsson@hal-pc.org>@mail.imc.org on 05-30-2002 02:15:10 PM Sent by: owner-ietf-openpgp@mail.imc.org To: Terje Braaten <Terje.Braaten@concept.fr> cc: "OpenPGP (E-mail)" <ietf-openpgp@imc.org> Subject: Re: secure sign & encrypt On Thu, May 30, 2002 at 07:38:22AM +0200, Terje Braaten wrote: > > Michael Young writes that "The intended recipient is only one of many > pieces of context that a user might mistakenly believe was included > in the signed material." That is correct, but I will still argue that > the information on which keys the message is encrypted to (or intended > to be encrypted to) is special, and belongs in the OpenPGP standard. > > It is not only mail that can be signed and encrypted with OpenPGP, > it can be all kinds of electronic documents and messages. When f.ex. > an "X-To-PGP-Key" header might be an adequate solution for e-mail > messages, it will not fit at all for other sorts of messages. > In fact, the only meta data about a message that is common to all > encrypted messages is the recipient public keys. And since this > is meta data about the message that is always present, I think > it is very appropriate to be specified in the protocol a convention > on how this is to be protected in a message that is signed and encrypted. > > (If we could just have an optional sub packet on the signature in the first > round I would be happy.) You can have this. The standard declares that subpackets 100 to 110 are "internal or user-defined". You can even set the critical bit on it if you like. This should solve your problem. Your only other problem is to convince an implementer to implement this subpacket, or you can implement it yourself. Do know that gpg has used 101 in the past for internal purposes; this might be a bad choice. This subpacket is completely optional; in fact all but two subpackets are: the creation time, and the issuer. Therefore, this discussion can end, knowing everybody is happy. -- Brian M. Carlson <karlsson@hal-pc.org> OpenPGP: 0x351336B2DCA1913A
- Mailing List metaissue john.dlugosz