-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Without handling instructions that cause the signature to be removed,
someone forwarding the
message could cause trouble for the original sender.
I raised this as an issue a few years back on the PGP MIME list, but
the folks there were
unconvinced. It seems they wanted to be able to keep the signature
after decryption.
Should we have a selectable option on sign-encrypt that specifies
that the signature must be
removed from the plaintext after verifying it?
- --
Paul Shields
john(_dot_)dlugosz(_at_)kodak(_dot_)com wrote:
From: John Dlugosz
IMO,
If forwarding the decrypted plaintext also removed the signature,
there
would be less trouble. The content could be reputiated, since it
can't be
distinguised from the forwarder just making it up.
But I think PGP uses "sign, then encrypt" which means software
could
decrypt but leave the signature intact. As I recall, this was
thought to
be a non-problem with respect to re-targeting, because you can put
the
recipient's name in the message at the application level. e.g.
"Dear Sue,"
is part of the message, so it can't be mistaken as a message to
Joan. But
that doesn't handle the issue of private information in the
message. It's
possible for Sue to reveal the signed message to someone else, who
can
verify the signature, without needing Sue's key. I would prefer if
that
were impossible--without Sue's key, the message can't be
authenticated
either.
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1.1
iQA/AwUBPLRQP2+NxmuGaxjwEQIumwCgzWVFUM0ZXZwcR9ghx1Y2co1sFEoAn1Xb
hK3bxFqmPwBbDQnny+QjBZHi
=SG0f
-----END PGP SIGNATURE-----