RE: secure sign & encrypt
Terje Braaten <Terje.Braaten@concept.fr> Thu, 23 May 2002 12:34 UTC
From: Terje Braaten <Terje.Braaten@concept.fr>
To: OpenPGP <ietf-openpgp@imc.org>
Subject: RE: secure sign & encrypt
Date: Thu, 23 May 2002 14:22:19 +0200

Matthew Byng-Maddick <openpgp@lists.colondot.net> wrote:
>
> As others have pointed out, what is the "atomic sign & encrypt" of which you
> speak?

I envision that in a not too far future, we can call the sign & encrypt function in PGP an atomic sign & encrypt. This is the solution of the problem that I have been trying to describe all the time.

The problem is that even though sign & encrypt is not atomic now, that is what most users expect. I do not find it satisfying as a programmer to have to say to the users "Sorry, but the OpenPGP protocol does not allow any atomic sign & encrypt that would have solved your problem, so you will have to do without."

Adding a new signature packet called 'encrypted to' (or something like that) would allow OpenPGP applications to implement such an atomic sign & encrypt. It could say in the protocol that an application MAY implement atomic sign & encrypt, and if it does, it MUST do such and such.

My suggestion for a protocol for atomic sign & encrypt is that the application MUST make an 'encrypted to' packet in the signature for each key the message and signature packet is encrypted to in the encryption packet. These 'encrypted to' packets MUST be in the signed part of the signature.

An application that implements decrypt & verify MUST/SHOULD warn the user if the key used to decrypt the message is not found in an 'encrypted to' packet in the signature if the signature contains 'encrypted to' packets and thus indicates that the message is created by an atomic sign & encrypt.

--
Terje Bråten
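
The check proposed in the message above, as an added example that is not part of the original post and not OpenPGP code. It assumes a simplified model: key IDs are constructed strings, the `Signature` class and function names are hypothetical, the encryption layer is reduced to the ID of the key that decrypted, and an HMAC stands in for the public-key signature so the sketch runs with the standard library only.

```python
import hashlib
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class Signature:                 # hypothetical model, not a real packet layout
    signer: str
    encrypted_to: tuple          # key IDs carried in the *signed* area
    value: bytes                 # stand-in for the signature value

def _signed_digest(message, signer, encrypted_to):
    # The 'encrypted to' entries are hashed with the message, so the list
    # cannot be changed without invalidating the signature.
    h = hashlib.sha256()
    for field in (message, signer.encode(), *(k.encode() for k in encrypted_to)):
        h.update(len(field).to_bytes(4, "big") + field)
    return h.digest()

def atomic_sign(message, signer, signer_secret, recipients):
    # One 'encrypted to' entry per key the message is encrypted to.
    enc = tuple(sorted(recipients))
    digest = _signed_digest(message, signer, enc)
    value = hmac.new(signer_secret, digest, hashlib.sha256).digest()
    return Signature(signer, enc, value)

def decrypt_and_verify(message, sig, signer_secret, decrypting_key):
    digest = _signed_digest(message, sig.signer, sig.encrypted_to)
    expected = hmac.new(signer_secret, digest, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig.value):
        return "BAD_SIGNATURE"
    # Warn only when the signature carries 'encrypted to' entries at all;
    # a signature without them was not made by an atomic sign & encrypt.
    if sig.encrypted_to and decrypting_key not in sig.encrypted_to:
        return "WARN_KEY_NOT_IN_ENCRYPTED_TO"
    return "OK"

if __name__ == "__main__":
    secret = b"constructed-demo-secret"          # constructed sample values
    msg = b"I agree to the terms."
    sig = atomic_sign(msg, "AAAA1111", secret, ["BBBB2222"])
    for key in ("BBBB2222", "CCCC3333"):
        print(key, decrypt_and_verify(msg, sig, secret, key))
```
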