[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: secure sign & encrypt

To: "'Derek Atkins'" <warlord@xxxxxxx>, disastry@xxxxxxxxxx
Subject: RE: secure sign & encrypt
From: Terje Braaten <Terje.Braaten@xxxxxxxxxx>
Date: Thu, 23 May 2002 22:09:25 +0200
Cc: ietf-openpgp@xxxxxxx
List-archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-id: <ietf-openpgp.imc.org>
List-unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
Sender: owner-ietf-openpgp@xxxxxxxxxxxx

Derek Atkins <warlord@xxxxxxx> wrote:
> 
> This doesn't help.  Any recipient could re-encrypt the message and
> change the list of encrypted recipients.
> 

Sure it helps against the man in the middle that disastry wanted to
protect against. Any recipient of an encrypted message can do what
he like with it anyway, so no of course it does not help against
any unfaithful recipient.

-- 
Terje Bråten


> > disastry wrote:
> > > fake pubkey encryption packets can be added
> > > by man in the middle so that recipient thinks that 
> message was encrypted
> > > to him and to other preson.
> > > 
> > > I wrote about it here:
> > > 
> http://lists.gnupg.org/pipermail/gnupg-devel/2001-August/006285.html
> > 
> > I think this can be solved by modifying
> > Sym. Encrypted Integrity Protected Data Packet (Tag 18).
> > 
> > Now it is:
> > 
> > version byte == 1
> > encrypted data
> > 
> > encrypted data consists of:
> >   encrypted iv
> >   encrypted plaintext
> >   encrypted Modification Detection Code Packet (Tag 19)
> > 
> > I suggest:
> > 
> > version byte == 2
> > encrypted data
> > 
> > encrypted data consists of:
> >   encrypted iv
> >   encrypted Recipients packet (Tag 20)
> >     (put it before plaintext - if it would be after it would
> >      be difficult to find where plaintext ends, when decrypting)
> >   encrypted plaintext
> >   encrypted Modification Detection Code Packet (Tag 19)
> > 
> > Recipients packet
> >   version byte == 1
> >   number of recipients, 2 bytes (should be enough..)
> >   number_of_recipients*20 byte list of fingerprints recipient keys
> >     (16 byte RSA v3 key fingerprints are appended with 4 zeros
> >      (or maybe with 4 lowest keyid bytes? I think, it's 
> even better))
> > 
> > 
> > this ensures that recipient list is intact not only for 
> signed & encrypted messages
> > but also for encrypted only messages.
> > 
> > __
> > Disastry  http://disastry.dhs.org/
> 
> -- 
>        Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
>        Member, MIT Student Information Processing Board  (SIPB)
>        URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
>        warlord@xxxxxxx                        PGP key available
>

Follow-Ups:
- Re: secure sign & encrypt
  - From: Derek Atkins

Prev by Date: RE: secure sign & encrypt
Next by Date: Re: secure sign & encrypt
Previous by thread: Re: secure sign & encrypt
Next by thread: Re: secure sign & encrypt
Index(es):
- Date
- Thread