ietf-openpgp
[Top] [All Lists]

Re: Secure receipts

1997-10-16 13:01:09
-----BEGIN PGP SIGNED MESSAGE-----

Why does a receipt need to be secure?

I would have thought the people on this list, above all, would
appreciate the need for security ;-) When I send important messages, I
like to know they have been received. An unsigned reply, whatever form
it took, could be sent by an attacker who had intercepted my message.

You could get your mailer to simply create a signed message with a body
saying "Your message of x (id x) was received at x". However, it is
*much* easier for automated processing at the other end if it is a
packet. In fact, using a packet scheme, you can have two levels of
compliance. The receipt packet could be sent inside a clearsigned
message saying "your message received". A mailer which didn't understand
receipts would simply check the signature (if it was PGP compatible) of
the message. A receipt-compatible mailer could take several actions. The
one I would like most is to look in my Sent-mail folder; if it finds the
message referred to by the receipt, it can mark it as "securely
received". 

A receipt would also be *extremely* useful for other protocols where
important data is being transmitted over an insecure link and the sender
*needs* to know that it has arrived safely.

Ian.

-----BEGIN PGP SIGNATURE-----
Version: Cryptix 2.2.2

iQCVAgUBNEZwGppi0bQULdFRAQHeGgP/TW4hNcIt5DmIq/CeikNvog4CtzbDAHrT
NtOdA9CCzPszFC06awC3NwBG2vx1liIomfowkbWhFSm/w6TF9KBNYgz3SgHpSGTm
r3c0BkcHNwTjlEqrT0fZdFNfLAZ+wyByr/8iDrvteaW68Ey2kve3F3/snPafxIuP
yfBMZMASmw4=
=Qrw3
-----END PGP SIGNATURE-----

<Prev in Thread] Current Thread [Next in Thread>