Bill Stewart wrote:-
At 02:34 PM 10/18/1997 +0100, Ian Miller wrote, to
ietf-open-pgp(_at_)imc(_dot_)org
If part of this nonce was replaced by sender-Id,
timestamp and similar data, then Alice would at least learn who had sent
the message (Bob) and when. They might then have to opportunity to contact
the Bob to ask for retransmission and warn of the interception.
No way. This is bad. You don't want traceability built into PGP.
No. You want the _option_ of untraceability. If you have signed the message
then you loose _nothing_ by including sending information in the SKE packet.
(I fully agree that you should not include sender information in unsigned
messages.)
If the sender _wants_ to be traceable, he can sign the message.
However this does not work if Mallory does not give Alice the
conventionally encrypted packet only the SKE packet, and insists (with
Court Order) that it is decrypted. In this case, either Alice goes to jail
(possibly over a packet Mallory forged himself) or Mallory decrypts the
message without Alice even knowing who sent it. Clearly allowing Alice to
determine the sender is not an enormous improvement but it is better than
nothing.
Ian
--
Ian_Miller(_at_)bifroest(_dot_)demon(_dot_)co(_dot_)uk FAI-D10204
PGP Fingerprint: 2A20 4610 E596 2740 91B1 95BA CAD3 BC14
Antworten auf Deutsch waeren mir angenehm.