[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: secure sign & encrypt

To: "Terje Braaten" <Terje.Braaten@xxxxxxxxxx>
Subject: RE: secure sign & encrypt
From: "Dominikus Scherkl" <Dominikus.Scherkl@xxxxxxxxxxxxxxx>
Date: Thu, 23 May 2002 17:40:45 +0200
Cc: <ietf-openpgp@xxxxxxx>
List-archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-id: <ietf-openpgp.imc.org>
List-unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
Sender: owner-ietf-openpgp@xxxxxxxxxxxx
Thread-index: AcICZSy4NfgnE8BTTXuIkzX1WZqMjQACkHIg
Thread-topic: secure sign & encrypt

Hi!

> > Your proposal for an extra packet does not address this alleged
flaw.
> > Note that Alice could sign a message saying "encrypted to 
> > Bob", and then
> > encrypt and send the message to Charlie, thus framing Bob for breach
> > of confidence.
> 
> No, because then Charlie would know it was something fishy going on.
> He would not now if Alice or Bob (or some one else) was to blame,
> but he would get a warning message saying that this is an invalid
> signed & encrypted message.
Hey, this is an attack at _Bob_ - Charlie don't needs to be nice!
The simple possibility of such attacks discredits the trust in beeing
the original receiver of a message, so we gain nothing!

Best Regards.
-- 
Dominikus Scherkl
dominikus.scherkl@xxxxxxxxxxxxxxx

Prev by Date: Re: secure sign & encrypt
Next by Date: RE: secure sign & encrypt
Previous by thread: Re: secure sign & encrypt
Next by thread: RE: secure sign & encrypt
Index(es):
- Date
- Thread