IETF Logo Mail Archive

RE: secure sign & encrypt

Terje Braaten <Terje.Braaten@concept.fr> Thu, 23 May 2002 13:24 UTC

Received: from above.proper.com (mail.imc.org [208.184.76.43]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA09303 for <openpgp-archive@odin.ietf.org>; Thu, 23 May 2002 09:24:37 -0400 (EDT)
Received: by above.proper.com (8.11.6/8.11.3) id g4NDAFP29858 for ietf-openpgp-bks; Thu, 23 May 2002 06:10:15 -0700 (PDT)
Received: from csexch.Conceptfr.net (mail.concept-agresso.com [194.250.222.1]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g4NDACL29854 for <ietf-openpgp@imc.org>; Thu, 23 May 2002 06:10:12 -0700 (PDT)
Received: by csexch.Conceptfr.net with Internet Mail Service (5.5.2653.19) id <LPCP1MH0>; Thu, 23 May 2002 15:07:39 +0200
Message-ID: <1F4F2D8ADFFCD411819300B0D0AA862E29ABF0@csexch.Conceptfr.net>
From: Terje Braaten <Terje.Braaten@concept.fr>
To: ietf-openpgp@imc.org
Subject: RE: secure sign & encrypt
Date: Thu, 23 May 2002 15:07:38 +0200
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id g4NDADL29855
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 8bit

Dominikus Scherkl <mailto:Dominikus.Scherkl@glueckkanja.com> wrote:
> I see no other way than "encrypt, sign and encrypt" (ESE)
> to archive all cyptografic goals which seems inportant to me:

Yes that is one of the five methods Don Davis wrote about as a solution in
http://world.std.com/~dtd/sign_encrypt/sign_encrypt7.html

I agree with you that SES is not a good solution because it leaves
the signature unprotected at the outer layer.

The method I have suggested is to sign the recipient's name into the
message, as this avoids another costly encryption. Unfortunately
this is very disturbing to those that think sign and encrypt must
and should be independent layers in the protocol. But I think
there should be possible to open up for certain exceptions to this
layer thinking when security needs demands it.

-- 
Terje BrĂ¥ten

v2.23.0 | Report a Bug | By Email