RE: secure sign & encrypt

Terje Braaten <Terje.Braaten@concept.fr> Thu, 30 May 2002 05:53 UTC

Message-ID: <1F4F2D8ADFFCD411819300B0D0AA862E29ABFC@csexch.Conceptfr.net>
From: Terje Braaten <Terje.Braaten@concept.fr>
To: "OpenPGP (E-mail)" <ietf-openpgp@imc.org>
Subject: RE: secure sign & encrypt
Date: Thu, 30 May 2002 07:38:22 +0200
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
Content-Transfer-Encoding: 8bit

Michael Young writes that "The intended recipient is only one of many
pieces of context that a user might mistakenly believe was included
in the signed material." That is correct, but I will still argue that
the information on which keys the message is encrypted to (or intended
to be encrypted to) is special, and belongs in the OpenPGP standard.

It is not only mail that can be signed and encrypted with OpenPGP,
it can be all kinds of electronic documents and messages. When f.ex.
an "X-To-PGP-Key" header might be an adequate solution for e-mail
messages, it will not fit at all for other sorts of messages.
In fact, the only meta data about a message that is common to all
encrypted messages is the recipient public keys. And since this
is meta data about the message that is always present, I think
it is very appropriate to be specified in the protocol a convention
on how this is to be protected in a message that is signed and encrypted.

(If we could just have an optional sub packet on the signature in the first
round I would be happy.)

-- 
Terje Bråten

secure sign & encrypt Terje Braaten
Re: secure sign & encrypt Hal Finney
RE: secure sign & encrypt Terje Braaten
Re: secure sign & encrypt vedaal
RE: secure sign & encrypt Terje Braaten
Re: secure sign & encrypt Derek Atkins
Re: secure sign & encrypt vedaal
Re: secure sign & encrypt Derek Atkins
Re: secure sign & encrypt vedaal
Re: secure sign & encrypt Jon Callas
RE: secure sign & encrypt Terje Braaten
RE: secure sign & encrypt Terje Braaten
Re: secure sign & encrypt vedaal
Re: secure sign & encrypt Derek Atkins
RE: secure sign & encrypt Terje Braaten
RE: secure sign & encrypt Terje Braaten
RE: secure sign & encrypt Hal Finney
RE: secure sign & encrypt Terje Braaten
Re: secure sign & encrypt Jon Callas
RE: secure sign & encrypt Terje Braaten
Re: secure sign & encrypt Derek Atkins
Re: secure sign & encrypt Peter Gutmann
RE: secure sign & encrypt Terje Braaten
Re: secure sign & encrypt Matthew Byng-Maddick
RE: secure sign & encrypt Dominikus Scherkl
RE: secure sign & encrypt Terje Braaten
Re: secure sign & encrypt Derek Atkins
Re: secure sign & encrypt Derek Atkins
Re: secure sign & encrypt Derek Atkins
RE: secure sign & encrypt Terje Braaten
RE: secure sign & encrypt Terje Braaten
Re: secure sign & encrypt David P. Kemp
Re: secure sign & encrypt Derek Atkins
Re: secure sign & encrypt Matthew Byng-Maddick
RE: secure sign & encrypt Terje Braaten
RE: secure sign & encrypt Dominikus Scherkl
RE: secure sign & encrypt Dominikus Scherkl
Re: secure sign & encrypt disastry
RE: secure sign & encrypt Terje Braaten
Re: secure sign & encrypt disastry
Re: secure sign & encrypt Derek Atkins
RE: secure sign & encrypt Terje Braaten
Re: secure sign & encrypt Derek Atkins
RE: secure sign & encrypt Terje Braaten
RE: secure sign & encrypt Terje Braaten
Re: secure sign & encrypt Derek Atkins
Re: secure sign & encrypt Derek Atkins
RE: secure sign & encrypt Terje Braaten
RE: secure sign & encrypt Terje Braaten
Re: secure sign & encrypt Peter Gutmann
Re: secure sign & encrypt Michael Young
Re: secure sign & encrypt Paul Hoffman / IMC
RE: secure sign & encrypt Terje Braaten
Re: secure sign & encrypt Brian M. Carlson
Re: secure sign & encrypt Jon Callas
Re: secure sign & encrypt Adrian 'Dagurashibanipal' von Bidder
RE: secure sign & encrypt john.dlugosz
RE: secure sign & encrypt Terje Braaten