Re: Bug#40394: forwarding an encrypted PGP message is useless
pgut001@cs.auckland.ac.nz (Peter Gutmann) Thu, 11 April 2002 06:32 UTC
Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id CAA20780 for <openpgp-archive@odin.ietf.org>; Thu, 11 Apr 2002 02:32:52 -0400 (EDT)
Received: by above.proper.com (8.11.6/8.11.3) id g3B6Nko15707 for ietf-openpgp-bks; Wed, 10 Apr 2002 23:23:46 -0700 (PDT)
Received: from hermes.cs.auckland.ac.nz (hermes.cs.auckland.ac.nz [130.216.35.151]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3B6Ngm15681; Wed, 10 Apr 2002 23:23:43 -0700 (PDT)
Received: from ruru.cs.auckland.ac.nz (ruru-nfs.cs.auckland.ac.nz [130.216.35.12]) by hermes.cs.auckland.ac.nz (8.12.2/8.12.2) with ESMTP id g3B6NaXv017048; Thu, 11 Apr 2002 18:23:36 +1200
Received: (from pgut001@localhost) by ruru.cs.auckland.ac.nz (8.9.3/8.8.6/cs-slave) id SAA409290; Thu, 11 Apr 2002 18:23:34 +1200 (NZST) (sender pgut001@cs.auckland.ac.nz)
Date: Thu, 11 Apr 2002 18:23:34 +1200
Message-ID: <200204110623.SAA409290@ruru.cs.auckland.ac.nz>
From: pgut001@cs.auckland.ac.nz
To: ietf-822@imc.org, sroberts@uniserve.com
Subject: Re: Bug#40394: forwarding an encrypted PGP message is useless
Cc: ietf-openpgp@imc.org, john.dlugosz@kodak.com, kmail@kde.org, mutz@kde.org, shields@passport.ca
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Sam Roberts <sroberts@uniserve.com> writes: >S/MIME only uses the signed and enveloped types from CMS, but RFC2630 >specifies authenticated as well. Its not well described there, but it is a >way of "signing" something using a key agreement algorithm, such that the >signature can ONLY be verified by using the sender or the receiver's >private key. Hmm, are you sure you're not interpreting a bit too much into this data type? The intent is to allow MAC'ing of data, and to do that you need to share a key with the other side, which is why you need a key exchange to precede it. One of those happens to be X9.42. There are two issues with this: 1. The only implementation which is known to support X9.42 in any useful manner is the SFL. 2. There don't seem to be any implementations which support authenticatedData, or at least that was the case when I asked on the S/MIME list a while back for someone to do some interop testing with. (Oh, and the obvious third point: If you're doing a PKC operation for the key exchange anyway, you may as well just sign the thing directly. At best, you can claim that this gives you a signature capability using an encryption-only key). I've always seen the only real use for this data type as password- based integrity protection for data you're carrying around, using in conjunction with passwordRecipientInfo. >What this gives you is repudiation. If I authenticate something to >you, you know I authenticated it. But if you forward it somebody >else, they can't verify the signature, they have no way of knowing >for sure that I authenticated it, and I can deny it. Even if the >recipients private key is compromised, they still can't prove >that *I* authenticated it, since either one of us can create the >"signature", all they know is one of us made the authenticated data. Well, only if you use some of the obscure X9.42 options which don't identify sender and receiver. The default is to list both, although there are a pile of optional parameters and with only one known implementation who knows what will happen in real life. Peter.
- Re: Bug#40394: forwarding an encrypted PGP messag… Marc Mutz
- Re: Bug#40394: forwarding an encrypted PGP messag… Arnt Gulbrandsen
- RE: Bug#40394: forwarding an encrypted PGP messag… Leon Kuunders
- Re: Bug#40394: forwarding an encrypted PGP messag… Simon Josefsson
- Re: Bug#40394: forwarding an encrypted PGP messag… john.dlugosz
- Re[2]: Bug#40394: forwarding an encrypted PGP mes… Clinton E. Troutman
- Re: Bug#40394: forwarding an encrypted PGP messag… Jon Callas
- Re: Bug#40394: forwarding an encrypted PGP messag… Magnus von Koeller
- Re: Bug#40394: forwarding an encrypted PGP messag… Graham Klyne
- Re: Bug#40394: forwarding an encrypted PGP messag… Keith Moore
- Re: Bug#40394: forwarding an encrypted PGP messag… Paul Shields
- Re: Bug#40394: forwarding an encrypted PGP messag… Derek Atkins
- Re: Bug#40394: forwarding an encrypted PGP messag… ned.freed
- Re: Bug#40394: forwarding an encrypted PGP messag… john.dlugosz
- Re: Bug#40394: forwarding an encrypted PGP messag… Thomas Roessler
- Re: Bug#40394: forwarding an encrypted PGP messag… Paul Shields
- Re: Bug#40394: forwarding an encrypted PGP messag… Marc Mutz
- Re: Bug#40394: forwarding an encrypted PGP messag… Keith Moore
- Re: Bug#40394: forwarding an encrypted PGP messag… Marc Mutz
- Re: Bug#40394: forwarding an encrypted PGP messag… john.dlugosz
- Re: Bug#40394: forwarding an encrypted PGP messag… Volker Augustin
- Re: Bug#40394: forwarding an encrypted PGP messag… Keith Moore
- Re: Bug#40394: forwarding an encrypted PGP messag… Sam Roberts
- Re: Bug#40394: forwarding an encrypted PGP messag… Volker Augustin
- Re: Bug#40394: forwarding an encrypted PGP messag… Peter Gutmann