Re: secure sign & encrypt
Matthew Byng-Maddick <openpgp@lists.colondot.net> Thu, 23 May 2002 14:19 UTC
Received: from above.proper.com (mail.imc.org [208.184.76.43]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA11707 for <openpgp-archive@odin.ietf.org>; Thu, 23 May 2002 10:19:38 -0400 (EDT)
Received: by above.proper.com (8.11.6/8.11.3) id g4NEAZ801805 for ietf-openpgp-bks; Thu, 23 May 2002 07:10:35 -0700 (PDT)
Received: from colon.colondot.net (exim@colon.colondot.net [212.135.138.209]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g4NEAXL01801 for <ietf-openpgp@imc.org>; Thu, 23 May 2002 07:10:33 -0700 (PDT)
Received: from mbm by colon.colondot.net with local (Exim 3.33 #1) id 17AtIY-0005tu-00 for ietf-openpgp@imc.org; Thu, 23 May 2002 15:10:34 +0100
Date: Thu, 23 May 2002 15:10:34 +0100
From: Matthew Byng-Maddick <openpgp@lists.colondot.net>
To: OpenPGP <ietf-openpgp@imc.org>
Subject: Re: secure sign & encrypt
Message-ID: <20020523151034.H31817@colon.colondot.net>
References: <1F4F2D8ADFFCD411819300B0D0AA862E29ABEE@csexch.Conceptfr.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <1F4F2D8ADFFCD411819300B0D0AA862E29ABEE@csexch.Conceptfr.net>; from Terje.Braaten@concept.fr on Thu, May 23, 2002 at 02:22:19PM +0200
Organization: Colondot.net
Mail-Copies-To: never
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
On Thu, May 23, 2002 at 02:22:19PM +0200, Terje Braaten wrote: > Matthew Byng-Maddick <openpgp@lists.colondot.net> wrote: > > As others have pointed out, what is the "atomic sign & > > encrypt" of which you > > speak? > I envision that in a not too far feature, we can call the > sign & encrypt function in PGP an atomic sign & encrypt. > This is the solution of the problem that I have been trying > to describe all the time. [...] > Adding a new signature packet called 'encrypted to' (or something > like that) would allow OpenPGP applications to implement > such an atomic sign & encrypt. It could say in the protocol > that an application MAY implement atomic sign & encrypt, > and if it does, it MUST do such and such. Of course, a better way to do this is the obvious one, for the signtext to start with "Dear Bob," and then you know who it was intended for. This is the recommendation in the few cryptographic texts I've read about non-repudiation. This, of course, requires educating users, <sarcasm>which is a much harder problem than attempting to solve it in some convoluted (and probably wrong) cryptographic way.</sarcasm> If your users don't properly understand the attempted guarantees of the cryptosystem, then whatever you do to try and make it better, they will almost certainly make some other assumption about it. MBM -- Matthew Byng-Maddick <mbm@colondot.net> http://colondot.net/
- secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Hal Finney
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt vedaal
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Derek Atkins
- Re: secure sign & encrypt vedaal
- Re: secure sign & encrypt Derek Atkins
- Re: secure sign & encrypt vedaal
- Re: secure sign & encrypt Jon Callas
- RE: secure sign & encrypt Terje Braaten
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt vedaal
- Re: secure sign & encrypt Derek Atkins
- RE: secure sign & encrypt Terje Braaten
- RE: secure sign & encrypt Terje Braaten
- RE: secure sign & encrypt Hal Finney
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Jon Callas
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Derek Atkins
- Re: secure sign & encrypt Peter Gutmann
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Matthew Byng-Maddick
- RE: secure sign & encrypt Dominikus Scherkl
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Derek Atkins
- Re: secure sign & encrypt Derek Atkins
- Re: secure sign & encrypt Derek Atkins
- RE: secure sign & encrypt Terje Braaten
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt David P. Kemp
- Re: secure sign & encrypt Derek Atkins
- Re: secure sign & encrypt Matthew Byng-Maddick
- RE: secure sign & encrypt Terje Braaten
- RE: secure sign & encrypt Dominikus Scherkl
- RE: secure sign & encrypt Dominikus Scherkl
- Re: secure sign & encrypt disastry
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt disastry
- Re: secure sign & encrypt Derek Atkins
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Derek Atkins
- RE: secure sign & encrypt Terje Braaten
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Derek Atkins
- Re: secure sign & encrypt Derek Atkins
- RE: secure sign & encrypt Terje Braaten
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Peter Gutmann
- Re: secure sign & encrypt Michael Young
- Re: secure sign & encrypt Paul Hoffman / IMC
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Brian M. Carlson
- Re: secure sign & encrypt Jon Callas
- Re: secure sign & encrypt Adrian 'Dagurashibanipal' von Bidder
- RE: secure sign & encrypt john.dlugosz
- RE: secure sign & encrypt Terje Braaten