[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Shortcomings of current schemes (Was: One-pass signatures)
At 05:42 PM 7/25/98 , Hal Finney wrote:
>Bob could require/request his customers to prepare their messages in
>two passes, the first one to clearsign them and the second one to
>encrypt them. Then when he processed the messages he could decrypt
>and leave a clearsigned message, on which the signature could be
>checked but the message left in clearsigned form.
This was the option I referred to when I said "without much nonsense on the
Bob's clients would be annoyed and there would be constant non-compliance
and customer service strife.
>We at NetAss
Please tell me this abbreviation was intentional.
>have considered changing the default behavior of the
>encrypt-and-sign option to behave in this manner (clearsign then encrypt).
Continue considering it, please?
>Unfortunately, messages prepared in this way require users with current
>client software to manually run two passes to decrypt and verify.
>The need for backwards compatibility has prevented us from going forward
>with this scheme.
>We have had some discussion on OpenPGP of a flag, perhaps in the literal
>packet, which would indicate that messages are in this form. Perhaps a
>future version will have a clean way of doing this.
I do hope so. If Network Associates is trying to sell these services in
enterprise, and anticipates, as I think they have, a need for archiving and
corporate access as well as anti-repudiation features, it would seem this
is a major issue that has to be addressed.