[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: "The OpenPGP mail and news header" extenssion



On Sun, 2005-08-14 at 16:52 +0100, Ben Laurie wrote:
> Jeroen Massar wrote:
> > On Sun, 2005-08-14 at 16:30 +0100, Ben Laurie wrote:
> > 
> >>Jeroen Massar wrote:
> >>
> >>>On Sun, 2005-08-14 at 14:24 +0100, Ben Laurie wrote:
> >>>
> >>>
> >>>>Jeroen Massar wrote:
> >>>
> >>><SNIP>
> >>>
> >>>>>* sign(encrypt(message))
> >>>
> >>><SNIP>
> >>>
> >>>>More importantly, perhaps, Krawczyk has shown that, in general, sign 
> >>>>then encrypt is insecure.
> >>>
> >>>
> >>>Which exact paper do you mean?
> >>
> >>http://eprint.iacr.org/2001/045
> > 
> > 
> > Which nicely says, already in the abstract btw, "Thus, while we show the
> > generic security of SSL to be broken, the current standard
> > implementations of the protocol that use the above modes of encryption
> > are safe."
> 
> Sure. What does this have to do with OpenPGP's security?

psst... it was you bringing up that argument about the paper ;)

Greets,
 Jeroen

Attachment: signature.asc
Description: This is a digitally signed message part