[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: secure sign & encrypt

To: ietf-openpgp@xxxxxxx, Terje.Braaten@xxxxxxxxxx
Subject: Re: secure sign & encrypt
From: "Hal Finney" <hal@xxxxxxxxxx>
Date: Mon, 20 May 2002 15:12:26 -0700
List-archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-id: <ietf-openpgp.imc.org>
List-unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
Sender: owner-ietf-openpgp@xxxxxxxxxxxx

There was quite a bit of discussion about this last year on the
cryptography mailing list.  I thought Jon Callas' message was good,
pointing out the wider ramifications of this kind of "failure":
http://www.mit.edu:8008/bloom-picayune/crypto/8891.

It is really not clear that solving it is as simple as adding a new
packet.  There are still other ways that things can go wrong, such
as simply redirecting a clear-signed message.  The fundamental problem
is that people don't understand what is protected and what isn't in
a signed mail message.

Hal

Prev by Date: secure sign & encrypt
Next by Date: RE: secure sign & encrypt
Previous by thread: secure sign & encrypt
Next by thread: RE: secure sign & encrypt
Index(es):
- Date
- Thread