RE: secure sign & encrypt
Terje Braaten <Terje.Braaten@concept.fr> Thu, 23 May 2002 21:36 UTC
Received: from above.proper.com (mail.imc.org [208.184.76.43]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA28352 for <openpgp-archive@odin.ietf.org>; Thu, 23 May 2002 17:36:33 -0400 (EDT)
Received: by above.proper.com (8.11.6/8.11.3) id g4NLRq715111 for ietf-openpgp-bks; Thu, 23 May 2002 14:27:52 -0700 (PDT)
Received: from csexch.Conceptfr.net (mail.concept-agresso.com [194.250.222.1]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g4NLRoL15107 for <ietf-openpgp@imc.org>; Thu, 23 May 2002 14:27:51 -0700 (PDT)
Received: by csexch.Conceptfr.net with Internet Mail Service (5.5.2653.19) id <LPCP1MXQ>; Thu, 23 May 2002 23:25:18 +0200
Message-ID: <1F4F2D8ADFFCD411819300B0D0AA862E29ABF7@csexch.Conceptfr.net>
From: Terje Braaten <Terje.Braaten@concept.fr>
To: ietf-openpgp@imc.org
Subject: RE: secure sign & encrypt
Date: Thu, 23 May 2002 23:25:17 +0200
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id g4NLRpL15108
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 8bit
What is the problem I try to solve? I thought that had been clear through the many mails I sent, but let me try to explain again. 1) Don Davis has a pretty good description of the problem in http://world.std.com/~dtd/sign_encrypt/sign_encrypt7.html He lists many good reasons why this is a problem in section 4. 2) Many users seem to think that PGPs sign & encrypt function is atomic. We can try to teach them that is never was so, and never will be (a bad solution in my opinion) or we can give the users what they want/expect and make it possible to have an atomic sign & encrypt in PGP. To word the problem in another way, when Alice send a message to Bob that is signed and encrypted, Bob should be able to be sure that it was Alice that encrypted the message. Description of attack: Alice send a signed & encrypted message to Charlie. Charlie decrypts it and encrypts and sends it to Bob, trying to convince Bob the message comes directly from Alice. Since Bob see the message is apparently made by sign & encrypt he thinks it must be Alice that has encrypted it. Some solutions: - Teach Bob not to trust PGPs sign & encrypt to know who the sender of the message is when it is not in the plain text of the signed message. - Make PGP use Encrypt, Sign and Encrypt. (Slower encryption/decryption and bigger messages.) - Add fingerprints of recipient keys in signature packets (Requires a change in the protocol) -- Terje BrĂ¥ten
- secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Hal Finney
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt vedaal
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Derek Atkins
- Re: secure sign & encrypt vedaal
- Re: secure sign & encrypt Derek Atkins
- Re: secure sign & encrypt vedaal
- Re: secure sign & encrypt Jon Callas
- RE: secure sign & encrypt Terje Braaten
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt vedaal
- Re: secure sign & encrypt Derek Atkins
- RE: secure sign & encrypt Terje Braaten
- RE: secure sign & encrypt Terje Braaten
- RE: secure sign & encrypt Hal Finney
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Jon Callas
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Derek Atkins
- Re: secure sign & encrypt Peter Gutmann
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Matthew Byng-Maddick
- RE: secure sign & encrypt Dominikus Scherkl
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Derek Atkins
- Re: secure sign & encrypt Derek Atkins
- Re: secure sign & encrypt Derek Atkins
- RE: secure sign & encrypt Terje Braaten
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt David P. Kemp
- Re: secure sign & encrypt Derek Atkins
- Re: secure sign & encrypt Matthew Byng-Maddick
- RE: secure sign & encrypt Terje Braaten
- RE: secure sign & encrypt Dominikus Scherkl
- RE: secure sign & encrypt Dominikus Scherkl
- Re: secure sign & encrypt disastry
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt disastry
- Re: secure sign & encrypt Derek Atkins
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Derek Atkins
- RE: secure sign & encrypt Terje Braaten
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Derek Atkins
- Re: secure sign & encrypt Derek Atkins
- RE: secure sign & encrypt Terje Braaten
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Peter Gutmann
- Re: secure sign & encrypt Michael Young
- Re: secure sign & encrypt Paul Hoffman / IMC
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Brian M. Carlson
- Re: secure sign & encrypt Jon Callas
- Re: secure sign & encrypt Adrian 'Dagurashibanipal' von Bidder
- RE: secure sign & encrypt john.dlugosz
- RE: secure sign & encrypt Terje Braaten