Re: secure sign & encrypt
Terje Braaten <Terje.Braaten@xxxxxxxxxx> writes:
> Alice makes a love poem, signs & encrypts it and sends it to Bob.
> Some months later they have broken up with each other. Bob decides
> to be mean to Alice, and encrypts the signed love poem and sends it
> to Charlie, faking the From header in the mail so it looks like it is
> from Alice. Then Charlie has a message that is encrypted to him and signed
> by Alice. It seems to Charlie like it is created by sign & encrypt in
> PGP, so he is convinced this must be a message from Alice that she
> has encrypted specially for him.
Note that this will already say:
Good signature from Alice.
Signature made <Date three months ago>
Don't you think Charlie would be suspicious about that? I would
certainly be suspicious if the signature date wasn't pretty close
to the mail date. And I would also be suspicious if the mail date
wasn't close to "today".
> What I would like is any PGP implementation to be able to display a message
> like "Good signature from nn. Warning, this message is not made with atomic
> sign & encrypt, and may be encrypted by someone else."
You see, I view this just like regular mail. There is the envelope
information, and there is the "letter". By _CONVENTION_ the person
writing a letter duplicates the envelope information on the inside.
This is not done automatically by the Postal Service, nor is it done
automatically by the enveloping process. A user could just as easily
leave that information out of the letter (thereby opening themselves
to this same attack in meatspace).
This is not something that should be solved at the Protocol Layer.
Repeat to yourself: IT IS A FEATURE THAT SIGN AND ENCRYPT ARE
SEPARABLE OPERATIONS. Once you make that statement, there is no way,
short of layering violations, to do what you want to do except at the
application layer duplicating the information.
-derek
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord@xxxxxxx PGP key available
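
The recipient-side checks discussed in this message (signature date against mail date, mail date against today, and envelope information duplicated inside the signed letter), as an added example that is not part of the original post or of any PGP implementation. It assumes the signature was already verified elsewhere; `check_forwarding`, `MAX_SKEW`, the addresses and the sample text are hypothetical and constructed.

```python
from datetime import timedelta
from email import message_from_string
from email.utils import getaddresses, parsedate_to_datetime

MAX_SKEW = timedelta(days=2)  # assumed tolerance, not taken from the post

# Constructed sample: the signed plaintext repeats the envelope inside the letter.
SIGNED_POEM = ("From: alice@example.org\nTo: bob@example.org\n"
               "Date: Wed, 14 Feb 2001 09:00:00 +0000\n\nRoses are red\n")

def addrs(value):
    """Lower-cased set of mail addresses found in a header value."""
    return {a.lower() for _, a in getaddresses([value or ""]) if a}

def check_forwarding(outer_from, outer_date, me, signer, sig_time, signed_text, now):
    """Return a list of warnings; an empty list means every check passed.

    signer and sig_time come from an already verified signature;
    signed_text is the plaintext that signature covers.
    """
    warnings = []
    mail_time = parsedate_to_datetime(outer_date)
    if abs(mail_time - sig_time) > MAX_SKEW:
        warnings.append("signature time is far from mail date")
    if abs(now - mail_time) > MAX_SKEW:
        warnings.append("mail date is far from today")
    if signer.lower() not in addrs(outer_from):
        warnings.append("signer is not the outer From")
    # The signature covers these inner headers, so a re-encryptor cannot alter them.
    inner_to = addrs(message_from_string(signed_text).get("To"))
    if not inner_to:
        warnings.append("signed text names no recipient")
    elif me.lower() not in inner_to:
        warnings.append("signed text is addressed to someone else")
    return warnings
```
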