Re: A brief comparison of email encryption protocols

Housley, Russ (housley@spyrus.com)
Tue, 20 Feb 96 17:38:59

Harald:

>>In fact, MOSS is too flexible.  In most circumstances, signatures should be 
>>performed before encryption.  MOSS allows people to sign ciphertext, by 
>>putting a multipart/encrypted inside a multipart/signed.  The MOSS 
>>specification offers no warnings about this "feature."
>
>Russ, could you give your reasoning for saying that this is a bug, not a 
>feature? I could imagine some (weird) scenarios where I'd want to sign 
>ciphertext, for instance if I wanted to sign to the fact that I'd passed 
>on someone else's encrypted messages.  Look at the comp.os.linux.announce 
>newsgroup for a case where one person is PGP-signing messages that someone 
>else sent - people will use this stuff in ways I can't even imagine.  That 
>said, an applicability statement for MOSS, saying what is or is not a good 
>idea, might be a Good Thing.

I wonder why you would want to sign ciphertext generated by someone else?  
This is especially "weird" if you do not have the key to decrypt the message.

Yes, I think that a statement saying that signature should be applied before
encryption is a very good idea.

Russ
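
The nesting discussed in this message, a multipart/encrypted placed inside a multipart/signed, is visible from the MIME structure alone, so a receiving agent can flag it without any keys. The following is an added example, not part of the original message or of any MOSS implementation; the function names, boundaries and placeholder payloads are constructed, and the content types are the ones defined in RFC 1847 and RFC 1848.

```python
from email import message_from_string

# Constructed multipart/encrypted entity; key info and ciphertext are placeholders.
ENCRYPTED = (
    'Content-Type: multipart/encrypted; protocol="application/moss-keys"; boundary="enc"\n\n'
    '--enc\nContent-Type: application/moss-keys\n\nplaceholder key info\n'
    '--enc\nContent-Type: application/octet-stream\n\nplaceholder ciphertext\n--enc--\n'
)
PLAIN = 'Content-Type: text/plain\n\nhello\n'  # constructed cleartext entity


def signed(entity):
    """Wrap a MIME entity (headers + body) in a constructed multipart/signed."""
    return (
        'Content-Type: multipart/signed; protocol="application/moss-signature"; '
        'micalg="rsa-md5"; boundary="sig"\n\n'
        '--sig\n' + entity + '\n--sig\nContent-Type: application/moss-signature\n\n'
        'placeholder signature\n--sig--\n'
    )


def mixed(*entities):
    """Wrap entities in a constructed multipart/mixed container."""
    body = ''.join('--mix\n' + e + '\n' for e in entities)
    return 'Content-Type: multipart/mixed; boundary="mix"\n\n' + body + '--mix--\n'


def signed_ciphertext_parts(msg, path="1"):
    """Return paths of multipart/signed parts whose signed content is, or
    contains, a multipart/encrypted entity (a signature over ciphertext)."""
    hits = []
    if not msg.is_multipart():
        return hits
    parts = msg.get_payload()
    if msg.get_content_type() == "multipart/signed" and parts:
        signed_content = parts[0]  # RFC 1847: the first body part is what was signed
        if any(p.get_content_type() == "multipart/encrypted"
               for p in signed_content.walk()):
            hits.append(path)
    for i, part in enumerate(parts, 1):
        hits.extend(signed_ciphertext_parts(part, f"{path}.{i}"))
    return hits


def check(raw):
    """Parse raw message text and report signed-ciphertext locations."""
    return signed_ciphertext_parts(message_from_string(raw))
```

The reverse order cannot be confirmed this way: when a signature is applied before encryption, the multipart/signed sits inside the ciphertext and only appears after decryption.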