Re: secure sign & encrypt
"vedaal" <vedaal@hotmail.com> Tue, 21 May 2002 13:10 UTC
Received: from above.proper.com (mail.imc.org [208.184.76.43]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA09004 for <openpgp-archive@odin.ietf.org>; Tue, 21 May 2002 09:10:12 -0400 (EDT)
Received: by above.proper.com (8.11.6/8.11.3) id g4LCx2G14886 for ietf-openpgp-bks; Tue, 21 May 2002 05:59:02 -0700 (PDT)
Received: from hotmail.com (oe32.law3.hotmail.com [209.185.240.25]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g4LCx0L14880 for <ietf-openpgp@imc.org>; Tue, 21 May 2002 05:59:00 -0700 (PDT)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Tue, 21 May 2002 05:57:57 -0700
X-Originating-IP: [207.127.12.210]
From: vedaal <vedaal@hotmail.com>
To: ietf-openpgp@imc.org
References: <1F4F2D8ADFFCD411819300B0D0AA862E29ABE3@csexch.Conceptfr.net>
Subject: Re: secure sign & encrypt
Date: Tue, 21 May 2002 08:56:03 -0400
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4807.1700
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700
Message-ID: <OE32bjKoMFYsDSzhxRz00000360@hotmail.com>
X-OriginalArrivalTime: 21 May 2002 12:57:57.0238 (UTC) FILETIME=[2106C960:01C200C7]
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit
----- Original Message ----- From: "Terje Braaten" <Terje.Braaten@concept.fr> To: <ietf-openpgp@imc.org> Sent: Monday, May 20, 2002 7:31 PM Subject: RE: secure sign & encrypt [...] > The problem is that most users when they decrypt a message > that is signed, they will think they can be sure the signer > and the encrypter is the same person/entity. > It would be a major improvement in the OpenPGP specification > to allow applications to ensure that that really is the case. [...] Functionally, that is the case now in Open PGP. Even though a signed and encrypted message can be separated into a verifiable free standing signed message, and then re-encrypted and sent on to someone else, it 'cannot' {afaik} be re-combined into a signed and encrypted message that appears the same as a de-novo signed and encrypted message. The most that can be done with the separation and re-encryption, is to have a message, that upon decryption, is clearsigned, or armored signed, and even the armored signed message is clearly of a different form than a de novo armored signed message; {a de novo armored signed message always has the message block begin with the letters 'ow', the separated armored signed message never does}. Someone receiving a re-encrypted separated signed message, can instantly tell upon decryption, that it was an 'intentionally' re-encrypted message, and not an original. The only time that this could be a problem, is for very new users, who may inadvertently get into a habit of clearsigning and then encrypting, instead of using the one-function 'sign and encrypt' , and as soon as it is pointed out to them that it is simpler and easier to use 'sign and encrypt' single function, they will probably do so. hth, vedaal
- secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Hal Finney
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt vedaal
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Derek Atkins
- Re: secure sign & encrypt vedaal
- Re: secure sign & encrypt Derek Atkins
- Re: secure sign & encrypt vedaal
- Re: secure sign & encrypt Jon Callas
- RE: secure sign & encrypt Terje Braaten
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt vedaal
- Re: secure sign & encrypt Derek Atkins
- RE: secure sign & encrypt Terje Braaten
- RE: secure sign & encrypt Terje Braaten
- RE: secure sign & encrypt Hal Finney
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Jon Callas
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Derek Atkins
- Re: secure sign & encrypt Peter Gutmann
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Matthew Byng-Maddick
- RE: secure sign & encrypt Dominikus Scherkl
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Derek Atkins
- Re: secure sign & encrypt Derek Atkins
- Re: secure sign & encrypt Derek Atkins
- RE: secure sign & encrypt Terje Braaten
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt David P. Kemp
- Re: secure sign & encrypt Derek Atkins
- Re: secure sign & encrypt Matthew Byng-Maddick
- RE: secure sign & encrypt Terje Braaten
- RE: secure sign & encrypt Dominikus Scherkl
- RE: secure sign & encrypt Dominikus Scherkl
- Re: secure sign & encrypt disastry
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt disastry
- Re: secure sign & encrypt Derek Atkins
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Derek Atkins
- RE: secure sign & encrypt Terje Braaten
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Derek Atkins
- Re: secure sign & encrypt Derek Atkins
- RE: secure sign & encrypt Terje Braaten
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Peter Gutmann
- Re: secure sign & encrypt Michael Young
- Re: secure sign & encrypt Paul Hoffman / IMC
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Brian M. Carlson
- Re: secure sign & encrypt Jon Callas
- Re: secure sign & encrypt Adrian 'Dagurashibanipal' von Bidder
- RE: secure sign & encrypt john.dlugosz
- RE: secure sign & encrypt Terje Braaten