[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: secure sign & encrypt
Terje Braaten wrote:
> Derek Atkins <warlord@xxxxxxx> writes:
> > Repeat to yourself: IT IS A FEATURE THAT SIGN AND ENCRYPT ARE
> > SEPARABLE OPERATIONS. Once you make that statement, there is no way,
> > short of layering violations, to do what you want to do except at the
> > application later duplicating the information.
> And I say it is a security flaw that that sign and encrypt must be
> separable operations, and for the implementation of an atomic and secure
> sign & encrypt you have to make an exception to this layering model.
Your proposal for an extra packet does not address this alleged flaw.
Note that Alice could sign a message saying "encrypted to Bob", and then
encrypt and send the message to Charlie, thus framing Bob for breach
You can't take two operations that are inherently separable and create
a magic hack that makes them inherently and verifiably atomic. Each
layer does what it does - if you want the security services provided
by three layers (ESE), or what S/MIME calls triple-wrapping (SES),
then you must use three layers.