ietf-openpgp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Shortcomings of current schemes (Was: One-pass signatures)

1998-07-25 16:48:11
from [William H. Geiger III] [Permanent Link] 
-----BEGIN PGP SIGNED MESSAGE-----

In <199807252242(_dot_)PAA04880(_at_)hal(_dot_)sb(_dot_)rain(_dot_)org>, on 
07/25/98 
   at 03:42 PM, Hal Finney <hal(_at_)rain(_dot_)org> said:


Bob could require/request his customers to prepare their messages in two
passes, the first one to clearsign them and the second one to encrypt
them.  Then when he processed the messages he could decrypt and leave a
clearsigned message, on which the signature could be checked but the
message left in clearsigned form.



We at NetAss have considered changing the default behavior of the
encrypt-and-sign option to behave in this manner (clearsign then
encrypt). Unfortunately, messages prepared in this way require users with
current client software to manually run two passes to decrypt and verify.
The need for backwards compatibility has prevented us from going forward
with this scheme.


One really needs to run a second pass over any encrypted message after it
has been decrypted as the contents of the encrypted packet are unknown
until decryption. The client software should be capable of handeling
multiple layers of PGP messages one inside of another.


We have had some discussion on OpenPGP of a flag, perhaps in the literal
packet, which would indicate that messages are in this form.  Perhaps a
future version will have a clean way of doing this.


Ideally there would be only one way of calculating a signature so a sign &
encrypt message could have it's signature retained and converted to a
clear-sig. IMHO going with a flag is just giving the software designers an
easy out from doing the PGP processing properly.


- -- 
- ---------------------------------------------------------------
William H. Geiger III  http://www.openpgp.net
Geiger Consulting    Cooking With Warp 4.0

Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
OS/2 PGP 5.0 at: http://www.openpgp.net/pgp.html
- ---------------------------------------------------------------
 
Tag-O-Matic: Windows is to OS/2 what Etch-a-Sketch is to art.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a-sha1
Charset: cp850
Comment: Registered_User_E-Secure_v1.1b1_ES000000

iQCVAwUBNbpwjo9Co1n+aLhhAQF/IQP+OnoGBmuDlbTuabY4AHsTZK2wKuell3Su
ctUbQnARjss5mepHo+rUsKcgUmOL1y/z65kVhV2XbqU+xO3U2iV3AvgEd5mis3Mt
4RXV9Eua5GmuXNDEpbDWfaUxtCyHoLVC37K0ROVkDuTkV8puTjuFQh6mbGtw4Z5q
XMseQkArpOA=
=xZtQ
-----END PGP SIGNATURE-----
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Shortcomings of current schemes (Was: One-pass signatures), William H. Geiger III
Next by Date:  Re: One-pass signatures, Andrew Bromage
Previous by Thread:  Re: Shortcomings of current schemes (Was: One-pass signatures), Black Unicorn
Next by Thread:  Re: Shortcomings of current schemes (Was: One-pass signatures), Thomas Roessler
Indexes:  [Date] [Thread] [Top] [All Lists]