Re: A brief comparison of email encryption protocols

Ned Freed (NED@INNOSOFT.COM)
Tue, 20 Feb 1996 23:29:47 -0800 (PST)

> I asked for a one paragraph recommendation in MOSS.  In most situations,
> signature should be done before encryption.  Heck, one sentence would have
> been enough for implementors to do the right thing.  Imagine a GUI with a
> choice between sign, encrypt, and sign+encrypt.  When the last option is
> selected, signature should be done first.

I don't agree. Donald Eastlake already pointed out the obvious counterexample
-- suppose the intent of the signature is to negotiate access to a restricted
mailing list? It has to be exposed in this case; putting it under the
encryption means the list expander has to decrypt to see it, and this is simply
not something the list expander should have access to.

I also agree with Donald that this is going to be a *very* common use for
signatures in the future. As such, I could argue quite effectively for
inclusion of prose in the specification that says that the preferred sequence
should be encrypt then sign. Do you really want that?

But as I said before, this sort of thing has no place being in the
specification of the protocol. If someone wants to write a document describing
the application of various security nestings and their implications, I have no
problem with that. But not in the protocol itself.

				Ned
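The nesting question argued in this message, as an added illustration that is not code from the thread or from MOSS: a list expander that holds only the signature-verification key can check an encrypt-then-sign message but must decrypt (which it cannot) to check a sign-then-encrypt one. HMAC and a hash-based keystream are stand-ins for the public-key signature and cipher; the keys and message in the usage call are constructed.

```python
import hashlib
import hmac
from typing import Optional

# Toy stand-ins for the real primitives: HMAC-SHA256 plays the signature and a
# SHA-256 counter-mode keystream plays the cipher, so the example runs with the
# standard library only. The nesting logic is the point, not these primitives.

def _keystream_xor(key: bytes, data: bytes) -> bytes:
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def sign(key: bytes, body: bytes) -> bytes:
    # Signed object: marker, 32-byte tag, then the body the tag covers.
    return b"SIG:" + hmac.new(key, body, hashlib.sha256).digest() + body

def verify(key: bytes, obj: bytes) -> Optional[bytes]:
    # Returns the covered body on success, None if the object is not a signed
    # object at this layer or the tag does not match.
    if not obj.startswith(b"SIG:"):
        return None
    tag, body = obj[4:36], obj[36:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    return body if hmac.compare_digest(tag, expected) else None

def encrypt(key: bytes, body: bytes) -> bytes:
    return b"ENC:" + _keystream_xor(key, body)

def decrypt(key: bytes, obj: bytes) -> bytes:
    return _keystream_xor(key, obj[4:])

def sign_then_encrypt(msg: bytes, sig_key: bytes, enc_key: bytes) -> bytes:
    return encrypt(enc_key, sign(sig_key, msg))

def encrypt_then_sign(msg: bytes, sig_key: bytes, enc_key: bytes) -> bytes:
    return sign(sig_key, encrypt(enc_key, msg))

def expander_can_verify(obj: bytes, sig_key: bytes) -> bool:
    # The list expander holds only the verification key, never enc_key.
    return verify(sig_key, obj) is not None

def recipient_open(obj: bytes, sig_key: bytes, enc_key: bytes) -> Optional[bytes]:
    # The final recipient holds both keys and can open either nesting.
    if obj.startswith(b"ENC:"):                # sign-then-encrypt
        return verify(sig_key, decrypt(enc_key, obj))
    inner = verify(sig_key, obj)               # encrypt-then-sign
    return None if inner is None else decrypt(enc_key, inner)

if __name__ == "__main__":                     # constructed keys and message
    ste = sign_then_encrypt(b"post me", b"signer-key", b"recipient-key")
    ets = encrypt_then_sign(b"post me", b"signer-key", b"recipient-key")
    print(expander_can_verify(ste, b"signer-key"), expander_can_verify(ets, b"signer-key"))
```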