RE: Recipient-verifiable messages, was: forwarding an encrypted P GP message is useless

Terje Braaten <Terje.Braaten@concept.fr> Thu, 30 May 2002 06:03 UTC

Received: from above.proper.com (mail.proper.com [208.184.76.45]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id CAA19678 for <openpgp-archive@odin.ietf.org>; Thu, 30 May 2002 02:03:36 -0400 (EDT)
Received: by above.proper.com (8.11.6/8.11.3) id g4U5pHH13589 for ietf-openpgp-bks; Wed, 29 May 2002 22:51:17 -0700 (PDT)
Received: from csexch.Conceptfr.net (mail.concept-agresso.com [194.250.222.1]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g4U5pF113585 for <ietf-openpgp@imc.org>; Wed, 29 May 2002 22:51:15 -0700 (PDT)
Received: by csexch.Conceptfr.net with Internet Mail Service (5.5.2653.19) id <L8P7ZZ2M>; Thu, 30 May 2002 07:48:25 +0200
Message-ID: <1F4F2D8ADFFCD411819300B0D0AA862E29ABFD@csexch.Conceptfr.net>
From: Terje Braaten <Terje.Braaten@concept.fr>
To: ietf-openpgp@imc.org
Subject: RE: Recipient-verifiable messages, was: forwarding an encrypted P GP message is useless
Date: Thu, 30 May 2002 07:48:24 +0200
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id g4U5pG113586
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 8bit

moeller@cdc.informatik.tu-darmstadt.de wrote:
> 
> Hal Finney <hal@finney.org>rg>:
> > Adam Back writes:
> 
> >> What we proposed is related.  Rather
> >> than the normal encrypted signed message:
> >>
> >> 	Encrypt_Bob(K), Encrypt(K, Sign_Alice(Hash(msg)), msg)
> >>
> >> we proposed:
> >>
> >> 	Encrypt_Bob(K), Encrypt(K, Sign_Alice(Hash(K||Bob_PK)), msg)
> >>
> >> with the additional restriction that the encryption mode 
> should be one
> >> of the MDC modes (ie appended MAC with K outside encryption, or
> >> appended hash of msg inside encryption).

What a wonderful solution. Hello everybody, we go ahead and change
the next version of the protocol to this. Ok?

-- 
Terje Bråten