IETF Logo Mail Archive

RE: secure sign & encrypt

Terje Braaten <Terje.Braaten@concept.fr> Thu, 23 May 2002 20:14 UTC

Received: from above.proper.com (mail.imc.org [208.184.76.43]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA25279 for <openpgp-archive@odin.ietf.org>; Thu, 23 May 2002 16:14:07 -0400 (EDT)
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g4NK56S13107 for ietf-openpgp-bks; Thu, 23 May 2002 13:05:06 -0700 (PDT)
Received: from csexch.Conceptfr.net (mail.concept-agresso.com [194.250.222.1]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g4NK54L13103 for <ietf-openpgp@imc.org>; Thu, 23 May 2002 13:05:04 -0700 (PDT)
Received: by csexch.Conceptfr.net with Internet Mail Service (5.5.2653.19) id <LPCP1MVQ>; Thu, 23 May 2002 22:02:31 +0200
Message-ID: <1F4F2D8ADFFCD411819300B0D0AA862E29ABF4@csexch.Conceptfr.net>
From: Terje Braaten <Terje.Braaten@concept.fr>
To: 'Derek Atkins' <warlord@mit.edu>
Cc: OpenPGP <ietf-openpgp@imc.org>
Subject: RE: secure sign & encrypt
Date: Thu, 23 May 2002 22:02:30 +0200
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id g4NK55L13104
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 8bit

Derek Atkins <warlord@MIT.EDU> wrote:
> I'm not sure exactly what you mean by when you say Alice saves a copy
> of the session key... How does Alice get that key to Charlie?  Also
> keep in mind that the interior and exterior encryptions SHOULD be
> using different session keys.  So, I don't understand what you mean?

She could send it to Charlie in a different mail, or add it on the outside
of the signature (ES) packet before she encrypt and send it to Charlie.
And since she control the building of the message, another solution
would be that she could also use the same session key in the interior and
exterior encryptions no matter what the protocol says should be done.

> 
> Can you show the packets that Charlie sees?  I don't see any way
> to add a new ESK on the interior message without invalidating the
> signature....

Charlie sees after decrypting the first layer
 PreSig[Alice]{ESK [Bob] Enc { Literal { Message } } }PostSig[Alice]

In addition he has, or can make ESK[Charlie]. This information he can
claim he must have got from Bob, since he is the only original recipient.

-- 
Terje BrĂ¥ten

v2.23.0 | Report a Bug | By Email