RE: secure sign & encrypt

Terje Braaten <Terje.Braaten@concept.fr> Tue, 21 May 2002 14:38 UTC

Message-ID: <1F4F2D8ADFFCD411819300B0D0AA862E29ABE4@csexch.Conceptfr.net>
From: Terje Braaten <Terje.Braaten@concept.fr>
To: "'ietf-openpgp@imc.org'" <ietf-openpgp@imc.org>
Subject: RE: secure sign & encrypt
Date: Tue, 21 May 2002 16:28:16 +0200

vedaal <vedaal@hotmail.com> wrote:
> 
> ----- Original Message -----
> From: "Terje Braaten" <Terje.Braaten@concept.fr>
> To: <ietf-openpgp@imc.org>
> Sent: Monday, May 20, 2002 7:31 PM
> Subject: RE: secure sign & encrypt
> 
> [...]
> 
> > The problem is that most users when they decrypt a message
> > that is signed, they will think they can be sure the signer
> > and the encrypter is the same person/entity.
> > It would be a major improvement in the OpenPGP specification
> > to allow applications to ensure that that really is the case.
> 
> [...]
> 
> Functionally, that is the case now in Open PGP.

How can that be? Which functionality in Open PGP are you referring to?
Is it specified anywhere in the RFC?

> 
> Even though a signed and encrypted message can be separated into a
> verifiable free standing signed message, and then re-encrypted and
> sent on to someone else, it 'cannot' {afaik} be re-combined into a
> signed and encrypted message that appears the same as a de-novo
> signed and encrypted message.
> 
> The most that can be done with the separation and re-encryption, is
> to have a message, that upon decryption, is clearsigned, or armored
> signed, and even the armored signed message is clearly of a different
> form than a de novo armored signed message; {a de novo armored signed
> message always has the message block begin with the letters 'ow', the
> separated armored signed message never does}.
> 
> Someone receiving a re-encrypted separated signed message, can
> instantly tell upon decryption, that it was an 'intentionally'
> re-encrypted message, and not an original.

If the attacker is only an ordinary user, that might be the case.
But if who the message is supposed to be encrypted to is not signed
when the signature is added, it is only a matter of being a good programmer
to fake a "signed & encrypted" message, given the Open PGP standard
as it is today.

We should not rely on security through obscurity.


-- 
Terje Bråten
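
The recipient binding this message asks for, as an added example that is not part of the original post or of the OpenPGP specification: the signature covers a fingerprint of the intended recipient, so a signed message that is decrypted and re-encrypted to a third party fails the check there. Ed25519, the SHA-256 fingerprint, and the names Signed, Fingerprint, covered, Sign and Verify are assumptions chosen for illustration, not OpenPGP packet formats.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Signed is what a recipient holds after decrypting. The encryption layer is left
// out: anyone able to decrypt can re-encrypt to a third party, so it proves nothing.
type Signed struct{ Recipient, Body, Sig []byte }

// Fingerprint is a constructed stand-in for an OpenPGP key fingerprint.
func Fingerprint(pub ed25519.PublicKey) []byte {
	h := sha256.Sum256(pub)
	return h[:]
}

// covered builds the signed bytes; the length prefix keeps recipient and body apart.
func covered(recipient, body []byte) []byte {
	out := append([]byte{byte(len(recipient))}, recipient...)
	return append(out, body...)
}

// Sign binds the intended recipient's fingerprint into the signature.
func Sign(priv ed25519.PrivateKey, recipient, body []byte) Signed {
	return Signed{Recipient: recipient, Body: body, Sig: ed25519.Sign(priv, covered(recipient, body))}
}

// Verify accepts only a valid signature whose signed recipient is the verifier.
func Verify(signer ed25519.PublicKey, me []byte, m Signed) error {
	if !ed25519.Verify(signer, covered(m.Recipient, m.Body), m.Sig) {
		return errors.New("bad signature")
	}
	if !bytes.Equal(m.Recipient, me) {
		return errors.New("signed for a different recipient")
	}
	return nil
}

func main() {
	alicePub, alicePriv, _ := ed25519.GenerateKey(nil)
	bobPub, _, _ := ed25519.GenerateKey(nil)
	carolPub, _, _ := ed25519.GenerateKey(nil)
	m := Sign(alicePriv, Fingerprint(bobPub), []byte("constructed sample text"))
	fmt.Println("Bob:", Verify(alicePub, Fingerprint(bobPub), m))
	fmt.Println("Carol:", Verify(alicePub, Fingerprint(carolPub), m))
}
```

Rewriting the Recipient field before forwarding does not help, because that field is part of the signed bytes and the signature then fails.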