[openpgp] signed/encrypted emails vs unsigned/unencrypted headers
Ximin Luo <infinity0@gmx.com> Tue, 02 July 2013 23:22 UTC
Return-Path: <infinity0@gmx.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C758C21F9A64 for <openpgp@ietfa.amsl.com>; Tue, 2 Jul 2013 16:22:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zA92iv0013Mk for <openpgp@ietfa.amsl.com>; Tue, 2 Jul 2013 16:22:29 -0700 (PDT)
Received: from mout.gmx.net (mout.gmx.net [212.227.15.18]) by ietfa.amsl.com (Postfix) with ESMTP id D450321F9A71 for <openpgp@ietf.org>; Tue, 2 Jul 2013 16:22:27 -0700 (PDT)
Received: from [192.168.1.193] ([86.146.201.131]) by mail.gmx.com (mrgmx101) with ESMTPSA (Nemesis) id 0MADqP-1V4rGt2ywz-00BKpz for <openpgp@ietf.org>; Wed, 03 Jul 2013 01:22:26 +0200
Message-ID: <51D360B2.1070709@gmx.com>
Date: Wed, 03 Jul 2013 00:22:26 +0100
From: Ximin Luo <infinity0@gmx.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130518 Icedove/17.0.5
MIME-Version: 1.0
To: openpgp@ietf.org
X-Enigmail-Version: 1.5.1
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="----enig2VAOLFNADWSFUDNFALFUN"
X-Provags-ID: V03:K0:rGhrqN2PAPI9A1x600EFUV96ykGeVUbtnlpLaLvO4rSW+t2TJ40 g1N+Gny7Ih6y9i4yJWyfqInsSQDFtjv5D/McBBiz7fMIcrWfVgdVVF1sPZKYTq/KTrkvkVW EnFM6eaB5qW3oc7nmnvgNXDqDGAikeVbzwXfhzN66j3OTErwgFMRZEFUqSLOZIhdCrV71Li CFKY+ny3y8re1hypYycHw==
Subject: [openpgp] signed/encrypted emails vs unsigned/unencrypted headers
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Jul 2013 23:25:51 -0000
To openpgp@ietf.org, As per [1] and [2], sign-then-encrypt is only really secure as long as you do it on *all* the information that forms the message, some of which might be external to the message data itself. Crucially, this includes the recipient. What's the current status of this in the PGP/MIME standard? Is it still a problem? I notice that email subject headers are in a similar situation, and users have complained about it.[3] The problem of unencrypted/unauthenticated recipient is less obvious, so I haven't seen user complaints, but potentially it is more serious. Although not explicitly mentioned in the previous citations, these are conceptually the same problem - i.e. you are only executing sign-then-encrypt on *part* of the data that should be secured. So, I believe that it's possible to work towards a single clean solution that fixes both problems. (Sorry if this has been asked before already, or if the problem has already been fixed; I did check the list archives but couldn't find anything on a quick scan, nor a quick session of web searching.) X [1] http://crypto.stackexchange.com/questions/5458/should-we-sign-then-encrypt-or-encrypt-then-sign [2] http://world.std.com/~dtd/sign_encrypt/sign_encrypt7.html#CITEpgp [3] http://www.mozilla-enigmail.org/forum/viewtopic.php?f=9&t=328 -- GPG: 4096R/5FBBDBCE https://github.com/infinity0 https://bitbucket.org/infinity0 https://launchpad.net/~infinity0
- [openpgp] signed/encrypted emails vs unsigned/une… Ximin Luo
- Re: [openpgp] signed/encrypted emails vs unsigned… Ximin Luo
- Re: [openpgp] signed/encrypted emails vs unsigned… Werner Koch
- Re: [openpgp] signed/encrypted emails vs unsigned… Ximin Luo
- Re: [openpgp] signed/encrypted emails vs unsigned… Werner Koch
- Re: [openpgp] signed/encrypted emails vs unsigned… Ben Laurie
- Re: [openpgp] signed/encrypted emails vs unsigned… Ximin Luo
- Re: [openpgp] signed/encrypted emails vs unsigned… Ximin Luo
- Re: [openpgp] signed/encrypted emails vs unsigned… Werner Koch
- Re: [openpgp] signed/encrypted emails vs unsigned… Ximin Luo
- Re: [openpgp] signed/encrypted emails vs unsigned… Werner Koch
- Re: [openpgp] signed/encrypted emails vs unsigned… Ben Laurie
- Re: [openpgp] signed/encrypted emails vs unsigned… Ximin Luo
- Re: [openpgp] signed/encrypted emails vs unsigned… Daniel Kahn Gillmor
- Re: [openpgp] signed/encrypted emails vs unsigned… Ximin Luo