[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: "The OpenPGP mail and news header" extenssion

To: Simon Josefsson <jas@xxxxxxxxxxx>
Subject: Re: "The OpenPGP mail and news header" extenssion
From: David Srbecky <dsrbecky@xxxxxxxxx>
Date: Thu, 11 Aug 2005 23:55:59 +0200
Cc: openpgp <ietf-openpgp@xxxxxxx>
In-reply-to: <>
List-archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-id: <ietf-openpgp.imc.org>
List-unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
Openpgp: id=234B89FE; url=http://www.volny.cz/davejp/OpenPGP.asc
References: <> <> <> <>
Sender: owner-ietf-openpgp@xxxxxxxxxxxx
User-agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)

Simon Josefsson wrote:


I understand.  Implement your scheme and write a draft about it!  I
think your ideas are too far-fetching to be reasonable added to this
document.  There are many details that has to be solved.

This is something I hoped to be helped with. I think I lack the required language skill, background knowledge and experience to write a standard.

Do you want to help?

Please!!!

The discussion here made me realize there may be merit with all three variants.

Three or maybe even four, five? I was trying to decide whether to use preference=sign,encrypt or preference=encrypt,sign and I realized that they may be different. You can:

- sign and then encrypt - in which case only the recipient can verify signature after decryption - encrypt and then sign - in which case anyone can verify the signature before decryption, but no-one after decryption - sign, encrypt and then sign again - in which case anyone can verify signature before decryption and also the recipient can verify signature after decryption (in case someone likes to store decrypted messages)

Is that correct?

Anyway, I vote to use preference=encrypt,sign and ignore the rest. At least for the moment.

On the other hand, preference=insecure means that user does *not* want to receive any signed or encrypted messages. I would imagine that many maillists will use this option to keep their messages clean.
I'm not sure this is a good idea.  The OpenPGP header is not protected
in any way.  If someone inject a 'OpenPGP: preference=insecure' and
that caused MUAs to avoid a default behavior of signing/encrypting
messages, that would be a security problem.

You are absolutely correct - it is really difficult issue. In other words, preference should increase security, but never decrease.

I think it is possible to do just fine without preference=insecure. For example, MUA can set the default (minimal) security based on that whether recipients email address is on keyserver. If yes, sign by default. If no, send insecure message by default. This way, everyone with public key will get at least signed message and others (including maillists) will get signed messages only if they wish.

Still, the best solution is to complement the preference with attributes stored in public key.


Thanks,
David

Attachment: signature.asc
Description: OpenPGP digital signature

References:
- "The OpenPGP mail and news header" extenssion
  - From: David Srbecky
- Re: "The OpenPGP mail and news header" extenssion
  - From: Simon Josefsson
- Re: "The OpenPGP mail and news header" extenssion
  - From: David Srbecky
- Re: "The OpenPGP mail and news header" extenssion
  - From: Simon Josefsson

Prev by Date: Re: "The OpenPGP mail and news header" extenssion
Previous by thread: Re: "The OpenPGP mail and news header" extenssion
Next by thread: "The OpenPGP mail and news header" extenssion
Index(es):
- Date
- Thread