Re: secure sign & encrypt
Derek Atkins <derek@ihtfp.com> Tue, 21 May 2002 14:49 UTC
Received: from above.proper.com (mail.imc.org [208.184.76.43]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA12868 for <openpgp-archive@odin.ietf.org>; Tue, 21 May 2002 10:49:27 -0400 (EDT)
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g4LEfbR22240 for ietf-openpgp-bks; Tue, 21 May 2002 07:41:37 -0700 (PDT)
Received: from pacific-carrier-annex.mit.edu (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.7.21.83]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g4LEfaL22236 for <ietf-openpgp@imc.org>; Tue, 21 May 2002 07:41:36 -0700 (PDT)
Received: from grand-central-station.mit.edu (GRAND-CENTRAL-STATION.MIT.EDU [18.7.21.82]) by pacific-carrier-annex.mit.edu (8.9.2/8.9.2) with ESMTP id KAA02400; Tue, 21 May 2002 10:41:37 -0400 (EDT)
Received: from manawatu-mail-centre.mit.edu (MANAWATU-MAIL-CENTRE.MIT.EDU [18.7.7.71]) by grand-central-station.mit.edu (8.9.2/8.9.2) with ESMTP id KAA14273; Tue, 21 May 2002 10:33:31 -0400 (EDT)
Received: from kikki.mit.edu (KIKKI.MIT.EDU [18.18.1.142]) by manawatu-mail-centre.mit.edu (8.9.2/8.9.2) with ESMTP id KAA05878; Tue, 21 May 2002 10:33:30 -0400 (EDT)
Received: (from warlord@localhost) by kikki.mit.edu (8.9.3) id KAA26948; Tue, 21 May 2002 10:33:31 -0400 (EDT)
To: vedaal <vedaal@hotmail.com>
Cc: ietf-openpgp@imc.org
From: Derek Atkins <derek@ihtfp.com>
Subject: Re: secure sign & encrypt
References: <1F4F2D8ADFFCD411819300B0D0AA862E29ABE3@csexch.Conceptfr.net> <OE32bjKoMFYsDSzhxRz00000360@hotmail.com>
Date: Tue, 21 May 2002 10:33:31 -0400
In-Reply-To: <OE32bjKoMFYsDSzhxRz00000360@hotmail.com>
Message-ID: <sjmptzp7epw.fsf@kikki.mit.edu>
Lines: 72
User-Agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/20.7
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
sorry, vedaal, but you are incorrect. With current OpenPGP is _IS_ possible to strip off the encryption from a message and re-encrypt it to another user, keeping the signature intact. In fact, back in the early 90's (and mid-90's when we were first designing the pre-OpenPGP packets), this was in fact a design goal! Remember that a signed/encrypted message looks like: ESK{PubA, K} ... Enc{K, PreSig{Hash{M}}, Lit{M}, PostSig{Hash{M}}} Given this format, you can easily replace the K in ESK{} and Enc{} without destroying the Presig,Literal,PostSig packets. Now, it may be that the current _implementations_ do not make it easy for a user to do so, but that is an implementation detail, not a protocol detail. The protocol could allow you to do so. -derek "vedaal" <vedaal@hotmail.com> writes: > ----- Original Message ----- > From: "Terje Braaten" <Terje.Braaten@concept.fr> > To: <ietf-openpgp@imc.org> > Sent: Monday, May 20, 2002 7:31 PM > Subject: RE: secure sign & encrypt > > [...] > > > The problem is that most users when they decrypt a message > > that is signed, they will think they can be sure the signer > > and the encrypter is the same person/entity. > > It would be a major improvement in the OpenPGP specification > > to allow applications to ensure that that really is the case. > > [...] > > Functionally, that is the case now in Open PGP. > > Even though a signed and encrypted message can be separated into a > verifiable free standing signed message, and then > re-encrypted and sent on to someone else, > it 'cannot' {afaik} be re-combined into a signed and encrypted message that > appears the same as a de-novo signed and encrypted message. > > The most that can be done with the separation and re-encryption, is to have > a message, that upon decryption, is clearsigned, > or armored signed, and even the armored signed message is clearly of a > different form than a de novo armored signed message; > {a de novo armored signed message always has the message block begin with > the letters 'ow', the separated armored signed > message never does}. > > Someone receiving a re-encrypted separated signed message, can instantly > tell upon decryption, that it was an 'intentionally' > re-encrypted message, and not an original. > > The only time that this could be a problem, is for very new users, who may > inadvertently get into a habit of clearsigning and then encrypting, instead > of using the one-function 'sign and encrypt' , and as soon as it is pointed > out to them that it is simpler and easier to use 'sign and encrypt' single > function, they will probably do so. > > hth, > > vedaal > -- Derek Atkins Computer and Internet Security Consultant derek@ihtfp.com www.ihtfp.com
- secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Hal Finney
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt vedaal
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Derek Atkins
- Re: secure sign & encrypt vedaal
- Re: secure sign & encrypt Derek Atkins
- Re: secure sign & encrypt vedaal
- Re: secure sign & encrypt Jon Callas
- RE: secure sign & encrypt Terje Braaten
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt vedaal
- Re: secure sign & encrypt Derek Atkins
- RE: secure sign & encrypt Terje Braaten
- RE: secure sign & encrypt Terje Braaten
- RE: secure sign & encrypt Hal Finney
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Jon Callas
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Derek Atkins
- Re: secure sign & encrypt Peter Gutmann
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Matthew Byng-Maddick
- RE: secure sign & encrypt Dominikus Scherkl
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Derek Atkins
- Re: secure sign & encrypt Derek Atkins
- Re: secure sign & encrypt Derek Atkins
- RE: secure sign & encrypt Terje Braaten
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt David P. Kemp
- Re: secure sign & encrypt Derek Atkins
- Re: secure sign & encrypt Matthew Byng-Maddick
- RE: secure sign & encrypt Terje Braaten
- RE: secure sign & encrypt Dominikus Scherkl
- RE: secure sign & encrypt Dominikus Scherkl
- Re: secure sign & encrypt disastry
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt disastry
- Re: secure sign & encrypt Derek Atkins
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Derek Atkins
- RE: secure sign & encrypt Terje Braaten
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Derek Atkins
- Re: secure sign & encrypt Derek Atkins
- RE: secure sign & encrypt Terje Braaten
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Peter Gutmann
- Re: secure sign & encrypt Michael Young
- Re: secure sign & encrypt Paul Hoffman / IMC
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Brian M. Carlson
- Re: secure sign & encrypt Jon Callas
- Re: secure sign & encrypt Adrian 'Dagurashibanipal' von Bidder
- RE: secure sign & encrypt john.dlugosz
- RE: secure sign & encrypt Terje Braaten