ietf-openpgp

Re: Shortcomings of current schemes (Was: One-pass signatures)

1998-07-27 10:48:37
-----BEGIN PGP SIGNED MESSAGE-----

In <199807271621(_dot_)RAA17985(_at_)server(_dot_)eternity(_dot_)org>, on 07/27/98
   at 05:21 PM, Adam Back <aba(_at_)dcs(_dot_)ex(_dot_)ac(_dot_)uk> said:

I don't think any of the numerous people who replied to this thread
picked up on the fact that what I think Black Unicorn identifies as a
common user requirement is in fact possible already.

That is you _can_ strip off the encryption layer leaving the signature
layer.  What you get is not normally a clear signed text, but rather a
binary signed text.  These are pretty readable, consisting of a few
binary chars at the beginning of the file (being the prepended binary
signature), followed by the text signed.

It should be easily possible to add the ability to one of the GUI
versions of pgp to add support for retaining signatures in this form in a
convenient searchable form.  A simple option tick box to retain
signatures should therefore be easily implementable.

I would presume that all versions of pgp already retain the ability to
verify such signatures.

While this can address local signature retention it does not address the
issue of how to forward this signature with the message to another party.
Without the ability to convert this signature into a clearsigned signature
or a PGP/MIME signature there is no way to transfer this signature with
the message to a 3rd party.

IMHO it is just simpler to devalue the sign AND encrypt option in PGP and
use a 2 step process of sign (clearsigned or PGP/MIME) THEN encrypt.

It is the only way I see to guarantee signature retention through the
different mailers a PGP message may travel through.

- -- 
- ---------------------------------------------------------------
William H. Geiger III  http://www.openpgp.net
Geiger Consulting    Cooking With Warp 4.0

Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
OS/2 PGP 5.0 at: http://www.openpgp.net/pgp.html
- ---------------------------------------------------------------
 
Tag-O-Matic: Windows: an Unrecoverable Acquisition Error!

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a-sha1
Charset: cp850
Comment: Registered_User_E-Secure_v1.1b1_ES000000

iQCVAwUBNby/E49Co1n+aLhhAQFy+gQAqXY6JqERntuwadV6v7DH3L29ikP9+oqj
qcMIiMyeOfAJ+60cDw40sXxzwJ39AbyNdh2FE9Q67ME6JYcXn1C1/+8zwuH1nGsy
0dkl3p/ksa3ItsSVIjmbWxeNoJ06A5NoiwyX4E3QgaNm+kAnsWgyfBY//jE3Wct9
nORDyRDXjjw=
=919T
-----END PGP SIGNATURE-----
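
The "binary signed text" layout discussed in the message above (a signature packet followed by the signed text in a literal data packet), as an added example that is not part of the original post or of any PGP implementation. The function names and the sample message are assumptions made for illustration; the sample bytes are constructed and the signature body is a placeholder, not a real signature.

```python
# Added example (not from the original post): walk the OpenPGP packets of a
# "binary signed" message as PGP 2.x emits it: signature packet, then literal data.

def read_packets(buf):
    """Return [(tag, body)] for a run of OpenPGP packets (RFC 4880, section 4.2)."""
    out, i = [], 0
    while i < len(buf):
        hdr = buf[i]
        i += 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                       # new-format header
            tag, o1 = hdr & 0x3F, buf[i]
            i += 1
            if o1 < 192:
                n = o1
            elif o1 < 224:
                n = ((o1 - 192) << 8) + buf[i] + 192
                i += 1
            elif o1 == 255:
                n = int.from_bytes(buf[i:i + 4], "big")
                i += 4
            else:
                raise ValueError("partial body lengths are not handled here")
        else:                                # old-format header (PGP 2.x)
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:                   # indeterminate length: rest of input
                n = len(buf) - i
            else:
                size = 1 << ltype            # 1, 2 or 4 length octets
                n = int.from_bytes(buf[i:i + size], "big")
                i += size
        if i + n > len(buf):
            raise ValueError("truncated packet")
        out.append((tag, buf[i:i + n]))
        i += n
    return out

def literal_text(body):
    """Skip the literal-data header: format octet, filename, 4-octet date."""
    return body[2 + body[1] + 4:]

def build_sample():
    """Constructed sample; the signature body is placeholder bytes, not a real signature."""
    sig = bytes([0x89, 0x00, 0x14]) + bytes(20)      # old format, tag 2, 2-octet length
    lit_body = b"t" + b"\x00" + bytes(4) + b"Meet at noon.\n"
    return sig + bytes([0xAC, len(lit_body)]) + lit_body   # old format, tag 11
```

If the sender's PGP compressed the message before encrypting it, the first packet after decryption is tag 8 (compressed data), and this layout only appears once that packet has been decompressed.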