Re: secure sign & encrypt

Derek Atkins <warlord@mit.edu> Thu, 23 May 2002 19:51 UTC

To: Terje Braaten <Terje.Braaten@concept.fr>
Cc: OpenPGP <ietf-openpgp@imc.org>
Subject: Re: secure sign & encrypt
References: <1F4F2D8ADFFCD411819300B0D0AA862E29ABF3@csexch.Conceptfr.net>
From: Derek Atkins <warlord@mit.edu>
Date: Thu, 23 May 2002 15:42:50 -0400
In-Reply-To: <1F4F2D8ADFFCD411819300B0D0AA862E29ABF3@csexch.Conceptfr.net>
Message-ID: <sjmd6vm1whx.fsf@gorf.mit.edu>
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>

I'm not sure exactly what you mean when you say Alice saves a copy
of the session key... How does Alice get that key to Charlie?  Also
keep in mind that the interior and exterior encryptions SHOULD be
using different session keys.  So, I don't understand what you mean?

Can you show the packets that Charlie sees?  I don't see any way
to add a new ESK on the interior message without invalidating the
signature....

-derek

Terje Braaten <Terje.Braaten@concept.fr> writes:

> David P. Kemp <dpkemp@missi.ncsc.mil> wrote:
> > Your proposal for an extra packet does not address this alleged flaw.
> > Note that Alice could sign a message saying "encrypted to Bob", and then
> > encrypt and send the message to Charlie, thus framing Bob for breach
> > of confidence.
> 
> Now that I have had time to think about it, the same could be done if
> we used ESE. Alice can encrypt the packet to Bob and save a copy of
> the symmetric key used to encrypt the message before encrypting it with
> Bob's public key. Then she signs the encrypted packet, includes some extra
> packet with the session key she saved and encrypts it for Charlie.
> Then Charlie receives an ESE packet where he can decrypt the inner encryption
> with the symmetric key provided. And looking at the signature it looks like
> it is originally encrypted for Bob, so it "must" be Bob that has leaked
> the information and also given him the symmetric key.
> 
> So, in that respect my solution is not inferior to ESE regarding security.
> And you avoid the cost of one extra encryption.
> 
> -- 
> Terje Bråten
> 

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available