Re: secure sign & encrypt
Derek Atkins <warlord@mit.edu> Thu, 23 May 2002 19:51 UTC
Received: from above.proper.com (mail.imc.org [208.184.76.43]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA24384 for <openpgp-archive@odin.ietf.org>; Thu, 23 May 2002 15:51:09 -0400 (EDT)
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g4NJgpT12692 for ietf-openpgp-bks; Thu, 23 May 2002 12:42:51 -0700 (PDT)
Received: from fort-point-station.mit.edu (FORT-POINT-STATION.MIT.EDU [18.7.7.76]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g4NJgnL12688 for <ietf-openpgp@imc.org>; Thu, 23 May 2002 12:42:49 -0700 (PDT)
Received: from grand-central-station.mit.edu (GRAND-CENTRAL-STATION.MIT.EDU [18.7.21.82]) by fort-point-station.mit.edu (8.9.2/8.9.2) with ESMTP id PAA26410; Thu, 23 May 2002 15:42:51 -0400 (EDT)
Received: from melbourne-city-street.mit.edu (MELBOURNE-CITY-STREET.MIT.EDU [18.7.21.86]) by grand-central-station.mit.edu (8.9.2/8.9.2) with ESMTP id PAA19705; Thu, 23 May 2002 15:42:50 -0400 (EDT)
Received: from gorf.mit.edu (GORF.MIT.EDU [18.18.1.77]) by melbourne-city-street.mit.edu (8.9.2/8.9.2) with ESMTP id PAA01128; Thu, 23 May 2002 15:42:50 -0400 (EDT)
Received: (from warlord@localhost) by gorf.mit.edu (8.9.3) id PAA17943; Thu, 23 May 2002 15:42:50 -0400
To: Terje Braaten <Terje.Braaten@concept.fr>
Cc: OpenPGP <ietf-openpgp@imc.org>
Subject: Re: secure sign & encrypt
References: <1F4F2D8ADFFCD411819300B0D0AA862E29ABF3@csexch.Conceptfr.net>
From: Derek Atkins <warlord@mit.edu>
Date: Thu, 23 May 2002 15:42:50 -0400
In-Reply-To: <1F4F2D8ADFFCD411819300B0D0AA862E29ABF3@csexch.Conceptfr.net>
Message-ID: <sjmd6vm1whx.fsf@gorf.mit.edu>
Lines: 43
User-Agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/20.7
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id g4NJgnL12689
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 8bit
I'm not sure exactly what you mean by when you say Alice saves a copy of the session key... How does Alice get that key to Charlie? Also keep in mind that the interior and exterior encryptions SHOULD be using different session keys. So, I don't understand what you mean? Can you show the packets that Charlie sees? I don't see any way to add a new ESK on the interior message without invalidating the signature.... -derek Terje Braaten <Terje.Braaten@concept.fr> writes: > David P. Kemp <dpkemp@missi.ncsc.mil> wrote: > > Your proposal for an extra packet does not address this alleged flaw. > > Note that Alice could sign a message saying "encrypted to > > Bob", and then > > encrypt and send the message to Charlie, thus framing Bob for breach > > of confidence. > > Now that I have had time to think about it, the same could be done if > we used ESE. Alice can encrypt the packet to Bob and save a copy of > the symmetric key used to encrypt the message before encrypting it with > Bobs public key. Then she sign the encrypted packet, include some extra > packet with the session key she saved and encrypt it for Charlie. > Then Charlie receives an ESE packet where he can decrypt the inner > encryption > with the symmtreic key provided. And looking at the signature it looks like > it is originally encrypted for Bob, so it "must" be Bob that has leaked > the information and also given him the symmetric key. > > So, in that respect my solution is no inferior to ESE regarding security. > And you avoid the cost of one extra encryption. > > -- > Terje BrĂ¥ten > -- Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory Member, MIT Student Information Processing Board (SIPB) URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH warlord@MIT.EDU PGP key available
- secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Hal Finney
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt vedaal
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Derek Atkins
- Re: secure sign & encrypt vedaal
- Re: secure sign & encrypt Derek Atkins
- Re: secure sign & encrypt vedaal
- Re: secure sign & encrypt Jon Callas
- RE: secure sign & encrypt Terje Braaten
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt vedaal
- Re: secure sign & encrypt Derek Atkins
- RE: secure sign & encrypt Terje Braaten
- RE: secure sign & encrypt Terje Braaten
- RE: secure sign & encrypt Hal Finney
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Jon Callas
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Derek Atkins
- Re: secure sign & encrypt Peter Gutmann
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Matthew Byng-Maddick
- RE: secure sign & encrypt Dominikus Scherkl
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Derek Atkins
- Re: secure sign & encrypt Derek Atkins
- Re: secure sign & encrypt Derek Atkins
- RE: secure sign & encrypt Terje Braaten
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt David P. Kemp
- Re: secure sign & encrypt Derek Atkins
- Re: secure sign & encrypt Matthew Byng-Maddick
- RE: secure sign & encrypt Terje Braaten
- RE: secure sign & encrypt Dominikus Scherkl
- RE: secure sign & encrypt Dominikus Scherkl
- Re: secure sign & encrypt disastry
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt disastry
- Re: secure sign & encrypt Derek Atkins
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Derek Atkins
- RE: secure sign & encrypt Terje Braaten
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Derek Atkins
- Re: secure sign & encrypt Derek Atkins
- RE: secure sign & encrypt Terje Braaten
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Peter Gutmann
- Re: secure sign & encrypt Michael Young
- Re: secure sign & encrypt Paul Hoffman / IMC
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Brian M. Carlson
- Re: secure sign & encrypt Jon Callas
- Re: secure sign & encrypt Adrian 'Dagurashibanipal' von Bidder
- RE: secure sign & encrypt john.dlugosz
- RE: secure sign & encrypt Terje Braaten