Re: secure sign & encrypt
Derek Atkins <warlord@mit.edu> Thu, 23 May 2002 12:57 UTC
Received: from above.proper.com (mail.imc.org [208.184.76.43]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA07855 for <openpgp-archive@odin.ietf.org>; Thu, 23 May 2002 08:57:32 -0400 (EDT)
Received: by above.proper.com (8.11.6/8.11.3) id g4NCoCK27092 for ietf-openpgp-bks; Thu, 23 May 2002 05:50:12 -0700 (PDT)
Received: from pacific-carrier-annex.mit.edu (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.7.21.83]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g4NCoAL27085 for <ietf-openpgp@imc.org>; Thu, 23 May 2002 05:50:10 -0700 (PDT)
Received: from central-city-carrier-station.mit.edu (CENTRAL-CITY-CARRIER-STATION.MIT.EDU [18.7.7.72]) by pacific-carrier-annex.mit.edu (8.9.2/8.9.2) with ESMTP id IAA02093; Thu, 23 May 2002 08:50:11 -0400 (EDT)
Received: from melbourne-city-street.mit.edu (MELBOURNE-CITY-STREET.MIT.EDU [18.7.21.86]) by central-city-carrier-station.mit.edu (8.9.2/8.9.2) with ESMTP id IAA10189; Thu, 23 May 2002 08:46:45 -0400 (EDT)
Received: from kikki.mit.edu (KIKKI.MIT.EDU [18.18.1.142]) by melbourne-city-street.mit.edu (8.9.2/8.9.2) with ESMTP id IAA02228; Thu, 23 May 2002 08:46:45 -0400 (EDT)
Received: (from warlord@localhost) by kikki.mit.edu (8.9.3) id IAA09756; Thu, 23 May 2002 08:46:45 -0400 (EDT)
To: Terje Braaten <Terje.Braaten@concept.fr>
Cc: OpenPGP <ietf-openpgp@imc.org>
Subject: Re: secure sign & encrypt
References: <1F4F2D8ADFFCD411819300B0D0AA862E29ABEE@csexch.Conceptfr.net>
From: Derek Atkins <warlord@mit.edu>
Date: Thu, 23 May 2002 08:46:45 -0400
In-Reply-To: <1F4F2D8ADFFCD411819300B0D0AA862E29ABEE@csexch.Conceptfr.net>
Message-ID: <sjmg00jqbey.fsf@kikki.mit.edu>
Lines: 49
User-Agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/20.7
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Terje Braaten <Terje.Braaten@concept.fr> writes: > The problem is that even though sign & encrypt is not atomic > now, that is what most users expect. I do not find it > satisfying as a programmer to have to say to the users > "Sorry, but the OpenPGP protocol do not allow any atomic > sign & encrypt that would have solved your problem, so > you will have to do without." I disagree that all users are calmoring for this feature, but I suppose we will have to agree to disagree on that. > Adding a new signature packet called 'encrypted to' (or something > like that) would allow OpenPGP applications to implement > such an atomic sign & encrypt. It could say in the protocol > that an application MAY implement atomic sign & encrypt, > and if it does, it MUST do such and such. Just so long as the user has to specifically specify this functionality. Note that this is a tradeoff and you LOSE a nice feature of PGP in the process. The feature that you lose is repudiation of the recipient of a message. You can honestly say to a judge "I have no idea how he got that message -- I didn't encrypt it to him". Maybe you don't consider that a feature; some people do. > My suggestion for a protocol for atomic sign & encrypt is > that the application MUST make an 'encrypted to' packet in > the signature for each key the message and signature packet > is encrypted to in the encryption packet. > These 'encrypted to' packets MUST be in the signed part of the signature. As has already been suggested, the Notation packet can already do this. Just create an "encrypted-to" notation convention and publish it as and RFC (and then convince people to implement it). You do not need any new packets to do what you want. > An application that implement decrypt & verify MUST/SHOULD warn the user if > the key used to decrypt the message is not found in an 'encrypted to' > packet in the signature if the signature contains 'encrypted to' > packets and thus indicates that the message is created by an atomic > sign & encrypt. -derek -- Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory Member, MIT Student Information Processing Board (SIPB) URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH warlord@MIT.EDU PGP key available
- secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Hal Finney
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt vedaal
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Derek Atkins
- Re: secure sign & encrypt vedaal
- Re: secure sign & encrypt Derek Atkins
- Re: secure sign & encrypt vedaal
- Re: secure sign & encrypt Jon Callas
- RE: secure sign & encrypt Terje Braaten
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt vedaal
- Re: secure sign & encrypt Derek Atkins
- RE: secure sign & encrypt Terje Braaten
- RE: secure sign & encrypt Terje Braaten
- RE: secure sign & encrypt Hal Finney
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Jon Callas
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Derek Atkins
- Re: secure sign & encrypt Peter Gutmann
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Matthew Byng-Maddick
- RE: secure sign & encrypt Dominikus Scherkl
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Derek Atkins
- Re: secure sign & encrypt Derek Atkins
- Re: secure sign & encrypt Derek Atkins
- RE: secure sign & encrypt Terje Braaten
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt David P. Kemp
- Re: secure sign & encrypt Derek Atkins
- Re: secure sign & encrypt Matthew Byng-Maddick
- RE: secure sign & encrypt Terje Braaten
- RE: secure sign & encrypt Dominikus Scherkl
- RE: secure sign & encrypt Dominikus Scherkl
- Re: secure sign & encrypt disastry
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt disastry
- Re: secure sign & encrypt Derek Atkins
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Derek Atkins
- RE: secure sign & encrypt Terje Braaten
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Derek Atkins
- Re: secure sign & encrypt Derek Atkins
- RE: secure sign & encrypt Terje Braaten
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Peter Gutmann
- Re: secure sign & encrypt Michael Young
- Re: secure sign & encrypt Paul Hoffman / IMC
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Brian M. Carlson
- Re: secure sign & encrypt Jon Callas
- Re: secure sign & encrypt Adrian 'Dagurashibanipal' von Bidder
- RE: secure sign & encrypt john.dlugosz
- RE: secure sign & encrypt Terje Braaten