
Re: secure sign & encrypt



Terje Braaten <Terje.Braaten@xxxxxxxxxx> writes:

> The method I have suggested is to sign the recipient's name into the
> message, as this avoids another costly encryption. Unfortunately
> this is very disturbing to those that think sign and encrypt must
> and should be independent layers in the protocol. But I think
> it should be possible to open up for certain exceptions to this
> layer thinking when security needs demand it.

As has been pointed out, you do NOT need an automated method to
do this.  Just put a plain user-readable string of the recipient's
identity into the signed message -- the PLAINTEXT message.

This is something that the MUA would do and requires no changes to the
PGP Protocol.

Note that any user with any intelligence would know that a message
that begins "Dear Bob" was _not_ meant for Charlie.

> Terje Bråten

-derek

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@xxxxxxx                        PGP key available