Re: Anybody know details about Schneier's "flaw"?

Werner Koch <> Mon, 19 August 2002 12:05 UTC

To: "Dominikus Scherkl" <>
Cc: <>
Subject: Re: Anybody know details about Schneier's "flaw"?
References: <>
From: Werner Koch <>
X-PGP-KeyID: 621CC013
X-Request-PGP: finger://
X-FSFE-Motto: Omnis enim res, quae dando non deficit, dum habetur et non datur, nondum habetur, quomodo habenda est.
Organisation: g10 Code GmbH
Date: Mon, 19 Aug 2002 13:59:10 +0200
In-Reply-To: <> ("Dominikus Scherkl"'s message of "Mon, 19 Aug 2002 11:49:23 +0200")

On Mon, 19 Aug 2002 11:49:23 +0200, Dominikus Scherkl said:

> Why should anybody reply cleartext to an encrypted message?
> especially if it contains (even parts) of the encrypted message?

You will often notice plaintext messages like "I could not decrypt your
message - please use key 0x12345678" or "Where do I find your key".
So it is not unlikely to see a message "Hey, your encrypted mail was
garbled, please send it again.  Here is the problematic line..".

Most users don't know about the cryptographic issues involved in
sending parts of the plaintext back.  A good MUA should protect
against that but, well, a user can always override it.

> If a reply is sent at all, it should be encrypted, so an interceptor
> has the same problem with the reply - he needs to break the key.

I am probably not the only one with this problem: Try to get my key
from a keyserver - it is probably not usable because the subkeys are
all garbled (Most people don't look at the mail header X-Request-PGP
to find out the canonical way to get my key).  So it is very likely to
get a plaintext response; users are thus used to that and they can't
imagine what serious consequences a reply with a very short and after
all unreadable quote should have.

All over the place OpenPGP is rightfully very paranoid and thus it
makes sense to do what we can to avoid shoot-your-self-in-the-foot