Re: secure sign & encrypt

[Matthew Byng-Maddick <openpgp@xxxxxxxxxxxxxxxxxx>]

On Thu, May 23, 2002 at 02:22:19PM +0200, Terje Braaten wrote:
> Matthew Byng-Maddick <openpgp@xxxxxxxxxxxxxxxxxx> wrote:
> > As others have pointed out, what is the "atomic sign & 
> > encrypt" of which you
> > speak?
> I envision that in a not too far feature, we can call the
> sign & encrypt function in PGP an atomic sign & encrypt.
> This is the solution of the problem that I have been trying
> to describe all the time.
[...]
> Adding a new signature packet called 'encrypted to' (or something
> like that) would allow OpenPGP applications to implement
> such an atomic sign & encrypt. It could say in the protocol
> that an application MAY implement atomic sign & encrypt,
> and if it does, it MUST do such and such.

Of course, a better way to do this is the obvious one, for the signtext
to start with "Dear Bob," and then you know who it was intended for. This
is the recommendation in the few cryptographic texts I've read about
non-repudiation.

This, of course, requires educating users, <sarcasm>which is a much harder
problem than attempting to solve it in some convoluted (and probably wrong)
cryptographic way.</sarcasm>

If your users don't properly understand the attempted guarantees of the
cryptosystem, then whatever you do to try and make it better, they will
almost certainly make some other assumption about it.

MBM

-- 
Matthew Byng-Maddick         <mbm@xxxxxxxxxxxx>           http://colondot.net/