Mailing List metaissue Mon, 10 June 2002 18:22 UTC

Received: from ( []) by (8.9.1a/8.9.1a) with ESMTP id OAA17566 for <>; Mon, 10 Jun 2002 14:22:47 -0400 (EDT)
Received: from localhost (localhost [[UNIX: localhost]]) by (8.11.6/8.11.3) id g5AIGTT22682 for ietf-openpgp-bks; Mon, 10 Jun 2002 11:16:29 -0700 (PDT)
Received: from ( []) by (8.11.6/8.11.3) with ESMTP id g5AIGRn22677 for <>; Mon, 10 Jun 2002 11:16:27 -0700 (PDT)
Received: from ( []) by (8.11.1/8.11.1) with ESMTP id g5AIGoB29409; Mon, 10 Jun 2002 14:16:50 -0400 (EDT)
Subject: Mailing List metaissue
Date: Mon, 10 Jun 2002 13:16:24 -0500
Message-ID: <>
X-MIMETrack: Serialize by Router on KNOTES2/ISBP/EKC(Release 5.0.10 |March 22, 2002) at 06/10/2002 02:16:26 PM
MIME-Version: 1.0
Content-type: multipart/mixed; Boundary="0__=09BBE147DFF7C3F18f9e8a93df938690918c09BBE147DFF7C3F1"
Content-Disposition: inline
Precedence: bulk
List-Archive: <>
List-Unsubscribe: <>
List-ID: <>

From: John Dlugosz

Any idea why the list sent me 15 copies of this?
I've been getting dups from several of y'all, but this one just keeps on
going and going...

"Brian M. Carlson" <> on 05-30-2002
02:15:10 PM

Sent by:

To:    Terje Braaten <>
cc:    "OpenPGP (E-mail)" <>
Subject:    Re: secure sign & encrypt

On Thu, May 30, 2002 at 07:38:22AM +0200, Terje Braaten wrote:
> Michael Young writes that "The intended recipient is only one of many
> pieces of context that a user might mistakenly believe was included
> in the signed material." That is correct, but I will still argue that
> the information on which keys the message is encrypted to (or intended
> to be encrypted to) is special, and belongs in the OpenPGP standard.
> It is not only mail that can be signed and encrypted with OpenPGP,
> it can be all kinds of electronic documents and messages. When f.ex.
> an "X-To-PGP-Key" header might be an adequate solution for e-mail
> messages, it will not fit at all for other sorts of messages.
> In fact, the only meta data about a message that is common to all
> encrypted messages is the recipient public keys. And since this
> is meta data about the message that is always present, I think
> it is very appropriate to be specified in the protocol a convention
> on how this is to be protected in a message that is signed and encrypted.
> (If we could just have an optional sub packet on the signature in the
> round I would be happy.)

You can have this. The standard declares that subpackets 100 to 110 are
"internal or user-defined". You can even set the critical bit on it if
you like. This should solve your problem. Your only other problem is to
convince an implementer to implement this subpacket, or you can
implement it yourself. Do know that gpg has used 101 in the past for
internal purposes; this might be a bad choice.

This subpacket is completely optional; in fact all but two subpackets
are: the creation time, and the issuer.

Therefore, this discussion can end, knowing everybody is happy.

Brian M. Carlson
OpenPGP: 0x351336B2DCA1913A