[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: secure sign & encrypt
I'm not sure exactly what you mean by when you say Alice saves a copy
of the session key... How does Alice get that key to Charlie? Also
keep in mind that the interior and exterior encryptions SHOULD be
using different session keys. So, I don't understand what you mean?
Can you show the packets that Charlie sees? I don't see any way
to add a new ESK on the interior message without invalidating the
signature....
-derek
Terje Braaten <Terje.Braaten@xxxxxxxxxx> writes:
> David P. Kemp <dpkemp@xxxxxxxxxxxxxx> wrote:
> > Your proposal for an extra packet does not address this alleged flaw.
> > Note that Alice could sign a message saying "encrypted to
> > Bob", and then
> > encrypt and send the message to Charlie, thus framing Bob for breach
> > of confidence.
>
> Now that I have had time to think about it, the same could be done if
> we used ESE. Alice can encrypt the packet to Bob and save a copy of
> the symmetric key used to encrypt the message before encrypting it with
> Bobs public key. Then she sign the encrypted packet, include some extra
> packet with the session key she saved and encrypt it for Charlie.
> Then Charlie receives an ESE packet where he can decrypt the inner
> encryption
> with the symmtreic key provided. And looking at the signature it looks like
> it is originally encrypted for Bob, so it "must" be Bob that has leaked
> the information and also given him the symmetric key.
>
> So, in that respect my solution is no inferior to ESE regarding security.
> And you avoid the cost of one extra encryption.
>
> --
> Terje Bråten
>
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord@xxxxxxx PGP key available