[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: secure sign & encrypt

To: OpenPGP <ietf-openpgp@xxxxxxx>
Subject: RE: secure sign & encrypt
From: Terje Braaten <Terje.Braaten@xxxxxxxxxx>
Date: Wed, 22 May 2002 12:31:32 +0200
List-archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-id: <ietf-openpgp.imc.org>
List-unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
Sender: owner-ietf-openpgp@xxxxxxxxxxxx

Jon Callas <jon@xxxxxxxxxx> wrote:
> It's important to understand what's in the envelope and what 
> is not in the
> envelope. The ESK is like the address on an envelope. It's not in the
> envelope. It's outside the envelope and is not protected.

That is a good picture of what is the problem. The solution I proposed
is to put a copy of the address(es) on the outside of the envelope also
inside the envelope. If what is on the outside do not match what is on
the inside the user should get a warning that the message is (most probably)
encrypted by some one else than the person that signed the message.

-- 
Terje Bråten

Prev by Date: Re: secure sign & encrypt
Next by Date: RE: secure sign & encrypt
Previous by thread: RE: secure sign & encrypt
Next by thread: RE: secure sign & encrypt
Index(es):
- Date
- Thread