IETF Logo Mail Archive

Re: secure sign & encrypt

Derek Atkins <warlord@mit.edu> Thu, 23 May 2002 12:57 UTC

Received: from above.proper.com (mail.imc.org [208.184.76.43]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA07855 for <openpgp-archive@odin.ietf.org>; Thu, 23 May 2002 08:57:32 -0400 (EDT)
Received: by above.proper.com (8.11.6/8.11.3) id g4NCoCK27092 for ietf-openpgp-bks; Thu, 23 May 2002 05:50:12 -0700 (PDT)
Received: from pacific-carrier-annex.mit.edu (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.7.21.83]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g4NCoAL27085 for <ietf-openpgp@imc.org>; Thu, 23 May 2002 05:50:10 -0700 (PDT)
Received: from central-city-carrier-station.mit.edu (CENTRAL-CITY-CARRIER-STATION.MIT.EDU [18.7.7.72]) by pacific-carrier-annex.mit.edu (8.9.2/8.9.2) with ESMTP id IAA02093; Thu, 23 May 2002 08:50:11 -0400 (EDT)
Received: from melbourne-city-street.mit.edu (MELBOURNE-CITY-STREET.MIT.EDU [18.7.21.86]) by central-city-carrier-station.mit.edu (8.9.2/8.9.2) with ESMTP id IAA10189; Thu, 23 May 2002 08:46:45 -0400 (EDT)
Received: from kikki.mit.edu (KIKKI.MIT.EDU [18.18.1.142]) by melbourne-city-street.mit.edu (8.9.2/8.9.2) with ESMTP id IAA02228; Thu, 23 May 2002 08:46:45 -0400 (EDT)
Received: (from warlord@localhost) by kikki.mit.edu (8.9.3) id IAA09756; Thu, 23 May 2002 08:46:45 -0400 (EDT)
To: Terje Braaten <Terje.Braaten@concept.fr>
Cc: OpenPGP <ietf-openpgp@imc.org>
Subject: Re: secure sign & encrypt
References: <1F4F2D8ADFFCD411819300B0D0AA862E29ABEE@csexch.Conceptfr.net>
From: Derek Atkins <warlord@mit.edu>
Date: Thu, 23 May 2002 08:46:45 -0400
In-Reply-To: <1F4F2D8ADFFCD411819300B0D0AA862E29ABEE@csexch.Conceptfr.net>
Message-ID: <sjmg00jqbey.fsf@kikki.mit.edu>
Lines: 49
User-Agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/20.7
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

Terje Braaten <Terje.Braaten@concept.fr> writes:

> The problem is that even though sign & encrypt is not atomic
> now, that is what most users expect. I do not find it
> satisfying as a programmer to have to say to the users
> "Sorry, but the OpenPGP protocol do not allow any atomic
> sign & encrypt that would have solved your problem, so
> you will have to do without."

I disagree that all users are calmoring for this feature, but I
suppose we will have to agree to disagree on that.

> Adding a new signature packet called 'encrypted to' (or something
> like that) would allow OpenPGP applications to implement
> such an atomic sign & encrypt. It could say in the protocol
> that an application MAY implement atomic sign & encrypt,
> and if it does, it MUST do such and such.

Just so long as the user has to specifically specify this
functionality.  Note that this is a tradeoff and you LOSE a nice
feature of PGP in the process.  The feature that you lose is
repudiation of the recipient of a message.  You can honestly say to a
judge "I have no idea how he got that message -- I didn't encrypt it
to him".  Maybe you don't consider that a feature; some people do.

> My suggestion for a protocol for atomic sign & encrypt is
> that the application MUST make an 'encrypted to' packet in
> the signature for each key the message and signature packet
> is encrypted to in the encryption packet.
> These 'encrypted to' packets MUST be in the signed part of the signature.

As has already been suggested, the Notation packet can already do
this.  Just create an "encrypted-to" notation convention and publish
it as and RFC (and then convince people to implement it).  You do not
need any new packets to do what you want.

> An application that implement decrypt & verify MUST/SHOULD warn the user if
> the key used to decrypt the message is not found in an 'encrypted to'
> packet in the signature if the signature contains 'encrypted to'
> packets and thus indicates that the message is created by an atomic
> sign & encrypt.

-derek

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available

v2.23.0 | Report a Bug | By Email