[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: secure sign & encrypt

To: Terje Braaten <Terje.Braaten@xxxxxxxxxx>
Subject: Re: secure sign & encrypt
From: Derek Atkins <warlord@xxxxxxx>
Date: 23 May 2002 08:46:45 -0400
Cc: OpenPGP <ietf-openpgp@xxxxxxx>
In-reply-to: <>
List-archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-id: <ietf-openpgp.imc.org>
List-unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
References: <>
Sender: owner-ietf-openpgp@xxxxxxxxxxxx
User-agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/20.7

Terje Braaten <Terje.Braaten@xxxxxxxxxx> writes:

> The problem is that even though sign & encrypt is not atomic
> now, that is what most users expect. I do not find it
> satisfying as a programmer to have to say to the users
> "Sorry, but the OpenPGP protocol do not allow any atomic
> sign & encrypt that would have solved your problem, so
> you will have to do without."

I disagree that all users are calmoring for this feature, but I
suppose we will have to agree to disagree on that.

> Adding a new signature packet called 'encrypted to' (or something
> like that) would allow OpenPGP applications to implement
> such an atomic sign & encrypt. It could say in the protocol
> that an application MAY implement atomic sign & encrypt,
> and if it does, it MUST do such and such.

Just so long as the user has to specifically specify this
functionality.  Note that this is a tradeoff and you LOSE a nice
feature of PGP in the process.  The feature that you lose is
repudiation of the recipient of a message.  You can honestly say to a
judge "I have no idea how he got that message -- I didn't encrypt it
to him".  Maybe you don't consider that a feature; some people do.

> My suggestion for a protocol for atomic sign & encrypt is
> that the application MUST make an 'encrypted to' packet in
> the signature for each key the message and signature packet
> is encrypted to in the encryption packet.
> These 'encrypted to' packets MUST be in the signed part of the signature.

As has already been suggested, the Notation packet can already do
this.  Just create an "encrypted-to" notation convention and publish
it as and RFC (and then convince people to implement it).  You do not
need any new packets to do what you want.

> An application that implement decrypt & verify MUST/SHOULD warn the user if
> the key used to decrypt the message is not found in an 'encrypted to'
> packet in the signature if the signature contains 'encrypted to'
> packets and thus indicates that the message is created by an atomic
> sign & encrypt.

-derek

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@xxxxxxx                        PGP key available

References:
- RE: secure sign & encrypt
  - From: Terje Braaten

Prev by Date: Re: secure sign & encrypt
Next by Date: RE: secure sign & encrypt
Previous by thread: RE: secure sign & encrypt
Next by thread: Re: secure sign & encrypt
Index(es):
- Date
- Thread