Re: secure sign & encrypt
disastry@saiknes.lv Thu, 23 May 2002 16:16 UTC
Received: from above.proper.com (mail.imc.org [208.184.76.43]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA16682 for <openpgp-archive@odin.ietf.org>; Thu, 23 May 2002 12:16:08 -0400 (EDT)
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g4NF4ug03895 for ietf-openpgp-bks; Thu, 23 May 2002 08:04:56 -0700 (PDT)
Received: from nekas.saiknes.lv (root@nekas.saiknes.lv [195.2.103.13]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g4NF4sL03891 for <ietf-openpgp@imc.org>; Thu, 23 May 2002 08:04:55 -0700 (PDT)
Received: from saiknes.lv (hackserv.saiknes.lv [195.2.103.8]) by nekas.saiknes.lv (8.11.4/8.11.4) with ESMTP id g4NF4rR18610 for <ietf-openpgp@imc.org>; Thu, 23 May 2002 17:04:54 +0200
Message-ID: <3CED0510.A968E4DC@saiknes.lv>
Date: Thu, 23 May 2002 17:04:48 +0200
From: disastry@saiknes.lv
X-Mailer: Mozilla 4.79 [en] (Windows NT 5.0; U)
X-Accept-Language: en,lv,ru
MIME-Version: 1.0
To: ietf-openpgp@imc.org
Subject: Re: secure sign & encrypt
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit
-----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 vedaal wrote: > ----- Original Message ----- > From: "Terje Braaten" <Terje.Braaten@concept.fr> > Sent: Monday, May 20, 2002 7:31 PM > Subject: RE: secure sign & encrypt > > [...] > > > The problem is that most users when they decrypt a message > > that is signed, they will think they can be sure the signer > > and the encrypter is the same person/entity. > > It would be a major improvement in the OpenPGP specification > > to allow applications to ensure that that really is the case. > > [...] > > Functionally, that is the case now in Open PGP. > > Even though a signed and encrypted message can be separated into a > verifiable free standing signed message, and then > re-encrypted and sent on to someone else, > it 'cannot' {afaik} be re-combined into a signed and encrypted message that > appears the same as a de-novo signed and encrypted message. it can be done. it's even not necessary to fully decrypt the message, one can just decrypt only pubkey encryption to get session key, then encrypt this session key to other pubkey! what bothering me more is that fake pubkey encryption packets can be added by man in the middle so that recipient thinks that message was encrypted to him and to other preson. I wrote about it here: http://lists.gnupg.org/pipermail/gnupg-devel/2001-August/006285.html __ Disastry http://disastry.dhs.org/ http://disastry.dhs.org/pgp <----PGP plugins for Netscape and MDaemon ^----PGP 2.6.3ia-multi06 (supports IDEA, CAST5, BLOWFISH, TWOFISH, AES, 3DES ciphers and MD5, SHA1, RIPEMD160, SHA2 hashes) -----BEGIN PGP SIGNATURE----- Version: Netscape PGP half-Plugin 0.15 by Disastry / PGPsdk v1.7.1 iQA/AwUBPOzo3zBaTVEuJQxkEQOppQCgg9Wmo//Q8wR8zKo3CYwmcji4xOsAnjbP wHIOOfnI8Yf2e8LGYgTisB/p =y4Ky -----END PGP SIGNATURE-----
- secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Hal Finney
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt vedaal
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Derek Atkins
- Re: secure sign & encrypt vedaal
- Re: secure sign & encrypt Derek Atkins
- Re: secure sign & encrypt vedaal
- Re: secure sign & encrypt Jon Callas
- RE: secure sign & encrypt Terje Braaten
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt vedaal
- Re: secure sign & encrypt Derek Atkins
- RE: secure sign & encrypt Terje Braaten
- RE: secure sign & encrypt Terje Braaten
- RE: secure sign & encrypt Hal Finney
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Jon Callas
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Derek Atkins
- Re: secure sign & encrypt Peter Gutmann
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Matthew Byng-Maddick
- RE: secure sign & encrypt Dominikus Scherkl
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Derek Atkins
- Re: secure sign & encrypt Derek Atkins
- Re: secure sign & encrypt Derek Atkins
- RE: secure sign & encrypt Terje Braaten
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt David P. Kemp
- Re: secure sign & encrypt Derek Atkins
- Re: secure sign & encrypt Matthew Byng-Maddick
- RE: secure sign & encrypt Terje Braaten
- RE: secure sign & encrypt Dominikus Scherkl
- RE: secure sign & encrypt Dominikus Scherkl
- Re: secure sign & encrypt disastry
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt disastry
- Re: secure sign & encrypt Derek Atkins
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Derek Atkins
- RE: secure sign & encrypt Terje Braaten
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Derek Atkins
- Re: secure sign & encrypt Derek Atkins
- RE: secure sign & encrypt Terje Braaten
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Peter Gutmann
- Re: secure sign & encrypt Michael Young
- Re: secure sign & encrypt Paul Hoffman / IMC
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Brian M. Carlson
- Re: secure sign & encrypt Jon Callas
- Re: secure sign & encrypt Adrian 'Dagurashibanipal' von Bidder
- RE: secure sign & encrypt john.dlugosz
- RE: secure sign & encrypt Terje Braaten