[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: secure sign & encrypt

To: "OpenPGP (E-mail)" <ietf-openpgp@xxxxxxx>
Subject: RE: secure sign & encrypt
From: Terje Braaten <Terje.Braaten@xxxxxxxxxx>
Date: Wed, 22 May 2002 20:07:41 +0200
List-archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-id: <ietf-openpgp.imc.org>
List-unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
Sender: owner-ietf-openpgp@xxxxxxxxxxxx

> -----Original Message-----
> From: Hal Finney [mailto:hal@xxxxxxxxxx]
> Sent: 22. May 2002 19:09
> To: ietf-openpgp@xxxxxxx; Terje.Braaten@xxxxxxxxxx
> Subject: RE: secure sign & encrypt
> 
> 
> The problem is that this sign-and-encrypt issue is just the tip of
> the iceberg.  It is not worth redoing the protocol when there 
> are these
> other issues that will remain unresolved.

I disagree with this. The encryption of a message is much more
fundamentally linked to the signing of the same message, both in
practice and in peoples mind. Since we do have a function called
sign & encrypt in PGP, users will assume that it really is a secure
sign & encrypt, and that they can trust it to be one operation where
the signature and the encryption is linked.

Even more sophisticated users like f.ex. Vedaal on this list, seem to
think that already in PGP you can be sure that the signer is the same as
the encrypter if it appears that the message has been made by a PGP
sign & encrypt operation.

[snip]
> I read the paper and closely followed the extensive discussion on the
> cryptography list when this came out last year.  In my opinion the
> consensus among the professionals on that list was that, properly
> understood, there is more to this than a protocol flaw that can be
> easily patched.  It represents a fundamental property of 
> encrypted email.
> Some data is protected and some is not.

And I think we should make who the message is encrypted to a part
of what is protected, as long as PGP offers a function called sign &
encrypt.

> 
> The real solution is to put the entire email, headers and all, into
> the signed envelope, and then for the receiving software to compare
> the protected headers with those on the actual message.  This will
> detect substition of from/to lines as well as other changes, and will
> work for both signed and signed+encrypted messages.
> 
> We do have data structures to support this via PGP/MIME and the
> Message/rfc822 MIME type.  However actually implementing this
> functionality is difficult as it requires close integration with the
> email software.  In practice, probably only email software providers
> would be in a position to provide this level of functionality.

Yes, this is really an issue that should go into the PGP/MIME standard
as well, and there also protect important headers in the mail like
To, From, Cc, Date, etc.
But here we discuss the core OpenPGP standard, and since it includes
detailed specifications on how sign & encrypt is to be done,
this also should be fixed in this standard.

Also note that this problem is not specific to messages sent by e-mail,
but applies to all messages that is signed & encrypted and may not
naturally contain a To or From field.

-- 
Terje Bråten

Follow-Ups:
- Re: secure sign & encrypt
  - From: Jon Callas

Prev by Date: RE: secure sign & encrypt
Next by Date: Re: secure sign & encrypt
Previous by thread: RE: secure sign & encrypt
Next by thread: Re: secure sign & encrypt
Index(es):
- Date
- Thread