RE: secure sign & encrypt

Terje Braaten <Terje.Braaten@concept.fr> Thu, 23 May 2002 13:04 UTC

From: Terje Braaten <Terje.Braaten@concept.fr>
To: OpenPGP <ietf-openpgp@imc.org>
Subject: RE: secure sign & encrypt
Date: Thu, 23 May 2002 14:54:23 +0200

Derek Atkins <warlord@MIT.EDU> writes:
> You see, I view this just like regular mail.  There is the envelope
> information, and there is the "letter".  By _CONVENTION_ the person
> writing a letter duplicates the envelope information on the inside.

A very useful picture indeed. The PGP program puts the information
about who it is encrypted to on the envelope on the outside. So
if we want to have this convention the PGP program must also be the
application that puts this same information on the inside of the
envelope. The natural place to do this, as I see it, is for the PGP
program to make additional signature packets and put them in the signed
part of the signature.

If the OpenPGP protocol is not changed, there is no way for any PGP
application to implement any such convention. So it has to be a
part of the OpenPGP protocol.


> Repeat to yourself: IT IS A FEATURE THAT SIGN AND ENCRYPT ARE
> SEPARABLE OPERATIONS.  Once you make that statement, there is no way,
> short of layering violations, to do what you want to do except at the
> application layer duplicating the information.

And I say it is a security flaw that sign and encrypt must be
separable operations, and for the implementation of an atomic and secure
sign & encrypt you have to make an exception to this layering model.

-- 
Terje Bråten
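
The convention discussed in this message, copying the envelope's recipient into the signed part so the receiver can compare the two, is sketched below as an added example; it is not code from the post or from any OpenPGP implementation. Assumptions: a toy textbook-RSA key stands in for the signer's key, the encryption layer is modelled as an outer recipient label only, and all names (`sign`, `envelope`, `receive`, `re_enveloped`, "bob", "charlie") are hypothetical.

```python
import hashlib

# Toy textbook-RSA signing key (constructed, insecure, for illustration only).
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))

def _digest(text, intended):
    # Hash everything the signature covers: the text and the recipient copy.
    data = repr((text, intended)).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def sign(text, intended=None):
    """Sign text; `intended` is the recipient name copied inside the signed part."""
    return {"text": text, "intended": intended,
            "sig": pow(_digest(text, intended), D, N)}

def envelope(recipient, signed_msg):
    # Stand-in for the encryption layer: only the outer recipient matters here.
    return {"to": recipient, "body": dict(signed_msg)}

def receive(me, env, require_binding):
    """Return a verdict string for an envelope opened by `me`."""
    if env["to"] != me:
        return "cannot decrypt"
    msg = env["body"]
    if pow(msg["sig"], E, N) != _digest(msg["text"], msg["intended"]):
        return "bad signature"
    if require_binding and msg["intended"] != env["to"]:
        return "rejected: signed for " + str(msg["intended"])
    return "accepted"

def re_enveloped(bind):
    """Signed for bob, then placed unchanged in a new envelope to charlie."""
    msg = sign("I agree to the terms", "bob" if bind else None)
    first = envelope("bob", msg)
    second = envelope("charlie", first["body"])  # signature untouched
    return receive("charlie", second, require_binding=bind)

if __name__ == "__main__":
    print(re_enveloped(bind=False))  # accepted
    print(re_enveloped(bind=True))   # rejected: signed for bob
```

With separable layers the signature alone says nothing about who the message was encrypted to; once the recipient is inside the signed data, a mismatch with the outer envelope is detectable, and editing the inner copy invalidates the signature.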