Re: Recipient-verifiable messages, was: forwarding an encrypted PGP message is useless
"Hal Finney" <hal@finney.org> Thu, 18 April 2002 02:47 UTC
Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id WAA15826 for <openpgp-archive@lists.ietf.org>; Wed, 17 Apr 2002 22:47:07 -0400 (EDT)
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3I2ZQ814134 for ietf-openpgp-bks; Wed, 17 Apr 2002 19:35:26 -0700 (PDT)
Received: from finney.org (226-132.adsl2.netlojix.net [207.71.226.132]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3I2ZPm14130 for <ietf-openpgp@imc.org>; Wed, 17 Apr 2002 19:35:25 -0700 (PDT)
Received: (from hal@localhost) by finney.org (8.11.6/8.11.6) id g3I2QQA29627; Wed, 17 Apr 2002 19:26:26 -0700
Date: Wed, 17 Apr 2002 19:26:26 -0700
From: Hal Finney <hal@finney.org>
Message-Id: <200204180226.g3I2QQA29627@finney.org>
To: adam@cypherspace.org, hal@finney.org
Subject: Re: Recipient-verifiable messages, was: forwarding an encrypted PGP message is useless
Cc: ietf-openpgp@imc.org
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
A correction: I wrote: > If we introduce these non-transferable signatures (good name btw) then > there is more possibility for confusion. It's completely different from > a regular signature; for one thing, Alice doesn't even have to type her > passphrase, because her signature key is not used when she creates this > kind of "signature"! Imagine the paranoia that would trigger on the PGP > user lists. In general it's going to increase the explanatory burden > for people who want to understand what the software is doing. Sorry, I was confused when I wrote this. Of course, Alice does have to use her passphrase and private key, as she signs the encrypted key block. But I still think that the unique security properties of this kind of signature would have to be explained, so that people can make knowledgeable judgements about the security they are getting. Hal
- Recipient-verifiable messages, was: forwarding an… Hal Finney
- Re: Recipient-verifiable messages, was: forwardin… vedaal
- Re: Recipient-verifiable messages, was: forwardin… john.dlugosz
- Re: Recipient-verifiable messages, was: forwardin… john.dlugosz
- Re: Recipient-verifiable messages Jon Callas
- Re: Recipient-verifiable messages David P. Kemp
- Re: Recipient-verifiable messages Jon Callas
- Re: Recipient-verifiable messages David P. Kemp
- Re: Recipient-verifiable messages, was: forwardin… Adam Back
- Re: Recipient-verifiable messages, was: forwardin… Hal Finney
- Re: Recipient-verifiable messages, was: forwardin… Hal Finney
- Re: Recipient-verifiable messages, was: forwardin… Adam Back
- Re: Recipient-verifiable messages, was: forwardin… Hal Finney
- Re: Recipient-verifiable messages, was: forwardin… Werner Koch
- non-transferable sigs with hashes and encryption … Adam Back
- Re: Recipient-verifiable messages, was: forwardin… Bodo Moeller
- Re: Recipient-verifiable messages, was: forwardin… Bodo Moeller