Re: Recipient-verifiable messages
Jon Callas <jon@callas.org> Thu, 11 April 2002 22:58 UTC
Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA18917 for <openpgp-archive@odin.ietf.org>; Thu, 11 Apr 2002 18:58:05 -0400 (EDT)
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3BMiVO25692 for ietf-openpgp-bks; Thu, 11 Apr 2002 15:44:31 -0700 (PDT)
Received: from merrymeet.com (merrymeet.com [63.73.97.162]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3BMiUm25688 for <ietf-openpgp@imc.org>; Thu, 11 Apr 2002 15:44:30 -0700 (PDT)
Received: from [192.168.1.97] (63.84.37.127) by merrymeet.com with ESMTP (Eudora Internet Mail Server 3.1.1); Thu, 11 Apr 2002 15:44:17 -0700
Mime-Version: 1.0
Message-Id: <p0510153cb8dbc0a982fc@[192.168.1.97]>
In-Reply-To: <200204111545.g3BFjdw11622@finney.org>
References: <200204111545.g3BFjdw11622@finney.org>
Date: Thu, 11 Apr 2002 15:42:02 -0700
To: Hal Finney <hal@finney.org>, ietf-openpgp@imc.org
From: Jon Callas <jon@callas.org>
Subject: Re: Recipient-verifiable messages
Content-Type: text/plain; charset="us-ascii"
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
>David Chaum has a patent on a variation on this idea, and he gave a talk >at PGP several years ago in which he advocated that recipient-verifiable >signatures are very useful, and in fact ought to be the default for >an email encryption system like PGP. As others in this thread have >commented, often you don't want to sign something such that you can >be bound by it later, but you do want to assure the recipient that the >message is authentic. Only rarely do you want to make a signature that >anyone can read. > >Unfortunately I think that adding a new flavor of signature would tend >to create confusion among users who at best barely understand public >key cryptography. The new kind of signature would have very different >security properties and usage scenarios, so it would add additional >complexity for people to deal with. Could we do something both simple and useful, however? For example, if I send a message to Alice, the signature could be made safely as a combo of my key and Alice's key. It would not be a misrepresentation in Alice's MUA for it to assume I signed it. You'd have to be careful in the UI, but I think it could be done. It might be able to be extended to multiple recipients, but with two it might be an easy hand-wave. Jon
- Recipient-verifiable messages, was: forwarding an… Hal Finney
- Re: Recipient-verifiable messages, was: forwardin… vedaal
- Re: Recipient-verifiable messages, was: forwardin… john.dlugosz
- Re: Recipient-verifiable messages, was: forwardin… john.dlugosz
- Re: Recipient-verifiable messages Jon Callas
- Re: Recipient-verifiable messages David P. Kemp
- Re: Recipient-verifiable messages Jon Callas
- Re: Recipient-verifiable messages David P. Kemp
- Re: Recipient-verifiable messages, was: forwardin… Adam Back
- Re: Recipient-verifiable messages, was: forwardin… Hal Finney
- Re: Recipient-verifiable messages, was: forwardin… Hal Finney
- Re: Recipient-verifiable messages, was: forwardin… Adam Back
- Re: Recipient-verifiable messages, was: forwardin… Hal Finney
- Re: Recipient-verifiable messages, was: forwardin… Werner Koch
- non-transferable sigs with hashes and encryption … Adam Back
- Re: Recipient-verifiable messages, was: forwardin… Bodo Moeller
- Re: Recipient-verifiable messages, was: forwardin… Bodo Moeller