Re: A brief comparison of email encryption protocols

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Previous message: Harald.T.Alvestrand@uninett.no: "Re: A brief comparison of email encryption protocols"
• Maybe in reply to: Raph Levien: "A brief comparison of email encryption protocols"

>
>Raph:
>
>At 4:49 PM 2/14/96, Raph Levien wrote:
>>   MOSS is mostly cryptographically sound.
>
>In fact, MOSS is too flexible.  In most circumstances, signatures should be 
>performed before encryption.  MOSS allows people to sign ciphertext, by 
>putting a multipart/encrypted inside a multipart/signed.  The MOSS 
>specification offers no warnings about this "feature."
>
>Russ
>
But that is exactly the function that would be required for a timestamping or 
notarization function. An implementation might want to "warn" users, but should 
the specification?


Bob

Robert R. Jueneman
GTE Laboratories
40 Sylvan Road
Waltham, MA 02254
1-617-466-2820
Jueneman@gte.com

"The opinions expressed are my own, and may or may not agree
with the official position of GTE, if any, on this subject."

• Previous message: Harald.T.Alvestrand@uninett.no: "Re: A brief comparison of email encryption protocols"
• Maybe in reply to: Raph Levien: "A brief comparison of email encryption protocols"