Re: A brief comparison of email encryption protocols

Raph Levien (raph@c2.org)
Mon, 19 Feb 1996 18:59:37 -0800 (PST)

On Mon, 19 Feb 1996, Housley, Russ wrote:

> 
> Raph:
> 
> At 4:49 PM 2/14/96, Raph Levien wrote:
> >   MOSS is mostly cryptographically sound.
> 
> In fact, MOSS is too flexible.  In most circumstances, signatures should be 
> performed before encryption.  MOSS allows people to sign ciphertext, by 
> putting a multipart/encrypted inside a multipart/signed.  The MOSS 
> specification offers no warnings about this "feature."

   This sounds a little nitpicky to me. Any email encryption protocol 
will allow you to shoot yourself in the foot. Perhaps it would have been 
wise to include such a warning, but I'm not sure it would be much help. 
I wouldn't put much trust in a piece of code written by someone who 
didn't know the difference between E(S(M)) and S(E(M)).

  Besides, the feature really might be useful. For example, the external
signature might be used to defend against denial-of-service attacks. An
email forwarding service might refuse to forward mail unless the signature
checked. Obviously, this presents problems for anonymity, but it is 
possible to imagine situations in which it might be useful.

Raph
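
The forwarding-service idea above, as an added example that is not part of the original message: a relay checks an outer signature over ciphertext it cannot decrypt, and forwards only when the check passes. HMAC-SHA256 stands in for the public-key signature so the block runs on the standard library alone; the `Envelope` type, the key table and the addresses are constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed sample data: per-sender verification keys known to the relay.
# HMAC-SHA256 stands in for a public-key signature (assumption, stdlib only).
RELAY_KEYS = {
    "alice@example.org": b"constructed-key-alice",
    "bob@example.org": b"constructed-key-bob",
}


@dataclass
class Envelope:
    """S(E(...)): an outer signature computed over ciphertext."""
    sender: str
    ciphertext: bytes   # opaque to the relay; it holds no decryption key
    outer_sig: bytes


def outer_sign(sender: str, key: bytes, ciphertext: bytes) -> Envelope:
    # Bind the claimed sender and the ciphertext together under the tag.
    tag = hmac.new(key, sender.encode() + b"\0" + ciphertext, hashlib.sha256).digest()
    return Envelope(sender, ciphertext, tag)


def relay_accepts(env: Envelope) -> bool:
    """Forward only if the outer signature checks; no decryption needed."""
    key = RELAY_KEYS.get(env.sender)
    if key is None:
        return False    # unknown sender: drop before doing any further work
    expected = hmac.new(key, env.sender.encode() + b"\0" + env.ciphertext,
                        hashlib.sha256).digest()
    return hmac.compare_digest(expected, env.outer_sig)


# Constructed stand-in for E(S(M)); the relay never looks inside it.
CIPHERTEXT = bytes.fromhex("8f3a1c55d2e07b19a4c6")

signed = outer_sign("alice@example.org", RELAY_KEYS["alice@example.org"], CIPHERTEXT)
tampered = Envelope(signed.sender, CIPHERTEXT + b"\x00", signed.outer_sig)
unknown = outer_sign("mallory@example.net", b"constructed-key-other", CIPHERTEXT)
# The same ciphertext wrapped by another registered sender also passes:
# the outer layer identifies the submitter, not the author of the plaintext,
# so the recipient still has to verify the signature inside the encryption.
rewrapped = outer_sign("bob@example.org", RELAY_KEYS["bob@example.org"], CIPHERTEXT)

if __name__ == "__main__":
    for name, env in [("signed", signed), ("tampered", tampered),
                      ("unknown", unknown), ("rewrapped", rewrapped)]:
        print(f"{name:10s} forward={relay_accepts(env)}")
```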