Re: secure sign & encrypt
Derek Atkins <warlord@mit.edu> Thu, 23 May 2002 12:41 UTC
Received: from above.proper.com (mail.imc.org [208.184.76.43]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA07241 for <openpgp-archive@odin.ietf.org>; Thu, 23 May 2002 08:41:43 -0400 (EDT)
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g4NCWAP25336 for ietf-openpgp-bks; Thu, 23 May 2002 05:32:10 -0700 (PDT)
Received: from fort-point-station.mit.edu (FORT-POINT-STATION.MIT.EDU [18.7.7.76]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g4NCW8L25331 for <ietf-openpgp@imc.org>; Thu, 23 May 2002 05:32:08 -0700 (PDT)
Received: from grand-central-station.mit.edu (GRAND-CENTRAL-STATION.MIT.EDU [18.7.21.82]) by fort-point-station.mit.edu (8.9.2/8.9.2) with ESMTP id IAA26452; Thu, 23 May 2002 08:32:08 -0400 (EDT)
Received: from melbourne-city-street.mit.edu (MELBOURNE-CITY-STREET.MIT.EDU [18.7.21.86]) by grand-central-station.mit.edu (8.9.2/8.9.2) with ESMTP id IAA23897; Thu, 23 May 2002 08:32:08 -0400 (EDT)
Received: from kikki.mit.edu (KIKKI.MIT.EDU [18.18.1.142]) by melbourne-city-street.mit.edu (8.9.2/8.9.2) with ESMTP id IAA28561; Thu, 23 May 2002 08:32:08 -0400 (EDT)
Received: (from warlord@localhost) by kikki.mit.edu (8.9.3) id IAA09727; Thu, 23 May 2002 08:32:08 -0400 (EDT)
To: Terje Braaten <Terje.Braaten@concept.fr>
Cc: OpenPGP <ietf-openpgp@imc.org>
Subject: Re: secure sign & encrypt
References: <1F4F2D8ADFFCD411819300B0D0AA862E29ABED@csexch.Conceptfr.net>
From: Derek Atkins <warlord@mit.edu>
Date: Thu, 23 May 2002 08:32:08 -0400
In-Reply-To: <1F4F2D8ADFFCD411819300B0D0AA862E29ABED@csexch.Conceptfr.net>
Message-ID: <sjmoff7qc3b.fsf@kikki.mit.edu>
Lines: 46
User-Agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/20.7
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Terje Braaten <Terje.Braaten@concept.fr> writes: > Alice makes a love poem, signs & encrypts it and sends it to Bob. > Some months later they have broken up with each other. Bob decides > to be mean to Alice, and encrypts the signed love poem and sends it > to Charlie, faking the From header in the mail so it look likes it is > from Alice. Then Charlie has a message that is encrypted to him and signed > by Alice. It seems to Charlie like it is created by sign & encrypt in > PGP, so he is convinced this must be a message from Alice that she > has encrypted specially for him. Note that this will already say: Good signature from Alic. Signature made <Date three months ago> Don't you think Charlie would be suspicious about that? I would certainly be suspicious if the signature date wasn't pretty close to the mail date. And I would also be suspicious if the mail date wasn't close to "today". > What I would like is any PGP implementation to be able to display a message > like "Good signature from nn. Warning, this message is not made with atomic > sign & encrypt, and may be encrypted by some one else." You see, I view this just like regular mail. There is the envelope information, and there is the "letter". By _CONVENTION_ the person writing a letter duplicates the envelope information on the inside. This is not done automatically by the Postal Service, nor is it done automatically by the enveloping process. A user could just as easily leave that information out of the letter (thereby opening themselves to this same attack in meatspace). This is not something that should be solved at the Protocol Layer. Repeat to yourself: IT IS A FEATURE THAT SIGN AND ENCRYPT ARE SEPARABLE OPERATIONS. Once you make that statement, there is no way, short of layering violations, to do what you want to do except at the application later duplicating the information. -derek -- Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory Member, MIT Student Information Processing Board (SIPB) URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH warlord@MIT.EDU PGP key available
- secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Hal Finney
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt vedaal
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Derek Atkins
- Re: secure sign & encrypt vedaal
- Re: secure sign & encrypt Derek Atkins
- Re: secure sign & encrypt vedaal
- Re: secure sign & encrypt Jon Callas
- RE: secure sign & encrypt Terje Braaten
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt vedaal
- Re: secure sign & encrypt Derek Atkins
- RE: secure sign & encrypt Terje Braaten
- RE: secure sign & encrypt Terje Braaten
- RE: secure sign & encrypt Hal Finney
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Jon Callas
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Derek Atkins
- Re: secure sign & encrypt Peter Gutmann
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Matthew Byng-Maddick
- RE: secure sign & encrypt Dominikus Scherkl
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Derek Atkins
- Re: secure sign & encrypt Derek Atkins
- Re: secure sign & encrypt Derek Atkins
- RE: secure sign & encrypt Terje Braaten
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt David P. Kemp
- Re: secure sign & encrypt Derek Atkins
- Re: secure sign & encrypt Matthew Byng-Maddick
- RE: secure sign & encrypt Terje Braaten
- RE: secure sign & encrypt Dominikus Scherkl
- RE: secure sign & encrypt Dominikus Scherkl
- Re: secure sign & encrypt disastry
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt disastry
- Re: secure sign & encrypt Derek Atkins
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Derek Atkins
- RE: secure sign & encrypt Terje Braaten
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Derek Atkins
- Re: secure sign & encrypt Derek Atkins
- RE: secure sign & encrypt Terje Braaten
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Peter Gutmann
- Re: secure sign & encrypt Michael Young
- Re: secure sign & encrypt Paul Hoffman / IMC
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Brian M. Carlson
- Re: secure sign & encrypt Jon Callas
- Re: secure sign & encrypt Adrian 'Dagurashibanipal' von Bidder
- RE: secure sign & encrypt john.dlugosz
- RE: secure sign & encrypt Terje Braaten