Re: secure sign & encrypt
"vedaal" <vedaal@hotmail.com> Wed, 22 May 2002 13:11 UTC
Received: from above.proper.com (mail.imc.org [208.184.76.43]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA00111 for <openpgp-archive@odin.ietf.org>; Wed, 22 May 2002 09:11:53 -0400 (EDT)
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g4MD3CB08029 for ietf-openpgp-bks; Wed, 22 May 2002 06:03:12 -0700 (PDT)
Received: from hotmail.com (oe36.law3.hotmail.com [209.185.240.204]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g4MD3AL08022 for <ietf-openpgp@imc.org>; Wed, 22 May 2002 06:03:10 -0700 (PDT)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Wed, 22 May 2002 06:03:06 -0700
X-Originating-IP: [207.127.12.210]
From: vedaal <vedaal@hotmail.com>
To: ietf-openpgp@imc.org
References: <1F4F2D8ADFFCD411819300B0D0AA862E29ABE6@csexch.Conceptfr.net>
Subject: Re: secure sign & encrypt
Date: Wed, 22 May 2002 09:00:32 -0400
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4807.1700
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700
Message-ID: <OE36KLVXfEFzotSkrpE000009ff@hotmail.com>
X-OriginalArrivalTime: 22 May 2002 13:03:06.0898 (UTC) FILETIME=[0402E720:01C20191]
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit
----- Original Message ----- From: "Terje Braaten" <Terje.Braaten@concept.fr> To: "OpenPGP (E-mail)" <ietf-openpgp@imc.org> Sent: Wednesday, May 22, 2002 6:51 AM Subject: RE: secure sign & encrypt [...] > > If there could be a packet added linking the time of > > encryption to the time > > of signing, > > {including elapsed time in seconds [or 0.00x seconds], and > > therefore not > > attackable by trying to re-set the re-encrypting > > computer to the time recorded in the original signed message.} > > I do not understand how you intend this packet to be added. > If it is a signature packet, would not the changes to be done > be about the same as if we added an 'encrypted to' packet? Yes, it could be done your way too, with about the same amount of change. I thought that a packet that simply records the elapsed time in fractions of a second, between signing and encrypting, could be added without affecting the signature or encryption packets, and might be easier to implement without affecting backward compatiblity. [...] > If it is not a signature packet, I do not understand what would > keep the attacker from making a fake timestamp when re-encrypting the > message. It would be an 'record of actual elapsed time' packet, measured from the time the program calls for the time of signing, to the time it calls for encrypting. It would not be 'calculated' by measuring the recorded (old) timestamp of the signature, and then re-setting the attacker's computer to the same time and measuring the fractions of seconds till the encryption. { i do not yet know how to read and write code :( , so it is only my opinion of what seems plausibly 'do-able' , it may be that it has flaws that experienced programmers can instantly see, if so, i apologize in advance} --vedaal
- secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Hal Finney
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt vedaal
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Derek Atkins
- Re: secure sign & encrypt vedaal
- Re: secure sign & encrypt Derek Atkins
- Re: secure sign & encrypt vedaal
- Re: secure sign & encrypt Jon Callas
- RE: secure sign & encrypt Terje Braaten
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt vedaal
- Re: secure sign & encrypt Derek Atkins
- RE: secure sign & encrypt Terje Braaten
- RE: secure sign & encrypt Terje Braaten
- RE: secure sign & encrypt Hal Finney
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Jon Callas
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Derek Atkins
- Re: secure sign & encrypt Peter Gutmann
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Matthew Byng-Maddick
- RE: secure sign & encrypt Dominikus Scherkl
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Derek Atkins
- Re: secure sign & encrypt Derek Atkins
- Re: secure sign & encrypt Derek Atkins
- RE: secure sign & encrypt Terje Braaten
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt David P. Kemp
- Re: secure sign & encrypt Derek Atkins
- Re: secure sign & encrypt Matthew Byng-Maddick
- RE: secure sign & encrypt Terje Braaten
- RE: secure sign & encrypt Dominikus Scherkl
- RE: secure sign & encrypt Dominikus Scherkl
- Re: secure sign & encrypt disastry
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt disastry
- Re: secure sign & encrypt Derek Atkins
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Derek Atkins
- RE: secure sign & encrypt Terje Braaten
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Derek Atkins
- Re: secure sign & encrypt Derek Atkins
- RE: secure sign & encrypt Terje Braaten
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Peter Gutmann
- Re: secure sign & encrypt Michael Young
- Re: secure sign & encrypt Paul Hoffman / IMC
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Brian M. Carlson
- Re: secure sign & encrypt Jon Callas
- Re: secure sign & encrypt Adrian 'Dagurashibanipal' von Bidder
- RE: secure sign & encrypt john.dlugosz
- RE: secure sign & encrypt Terje Braaten