On Thu, May 30, 2002 at 07:38:22AM +0200, Terje Braaten wrote: > > Michael Young writes that "The intended recipient is only one of many > pieces of context that a user might mistakenly believe was included > in the signed material." That is correct, but I will still argue that > the information on which keys the message is encrypted to (or intended > to be encrypted to) is special, and belongs in the OpenPGP standard. > > It is not only mail that can be signed and encrypted with OpenPGP, > it can be all kinds of electronic documents and messages. When f.ex. > an "X-To-PGP-Key" header might be an adequate solution for e-mail > messages, it will not fit at all for other sorts of messages. > In fact, the only meta data about a message that is common to all > encrypted messages is the recipient public keys. And since this > is meta data about the message that is always present, I think > it is very appropriate to be specified in the protocol a convention > on how this is to be protected in a message that is signed and encrypted. > > (If we could just have an optional sub packet on the signature in the first > round I would be happy.) You can have this. The standard declares that subpackets 100 to 110 are "internal or user-defined". You can even set the critical bit on it if you like. This should solve your problem. Your only other problem is to convince an implementer to implement this subpacket, or you can implement it yourself. Do know that gpg has used 101 in the past for internal purposes; this might be a bad choice. This subpacket is completely optional; in fact all but two subpackets are: the creation time, and the issuer. Therefore, this discussion can end, knowing everybody is happy. -- Brian M. Carlson <karlsson@xxxxxxxxxx> OpenPGP: 0x351336B2DCA1913A
Attachment:
pgp7hYFdh75gH.pgp
Description: PGP signature