[Top] [All Lists]

Re: Bug#40394: forwarding an encrypted PGP message is useless

2002-04-10 08:52:04

Paul Shields <shields(_at_)passport(_dot_)ca> writes:

Should we have a selectable option on sign-encrypt that specifies
that the signature must be
removed from the plaintext after verifying it?

How would you enforce this?  This is just like the "for-her-eyes-only"
flag on literal text.  It's a notation to keep the good guy honest,
but wont protect you from someone who really wants to get around it.

For example, many a time I've used 'pgp -fm input.asc >& output.txt'
to get around the for-her-eyes-only "bug".

The only way to really enforce this is to mathematically tie the
signature to the encryption.  This would require a whole new line of
mathematics (assuming you want to continue to hide the sender's
identity to non-recipients).


       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL:    PP-ASEL-IA     N1NWH
       warlord(_at_)MIT(_dot_)EDU                        PGP key available

<Prev in Thread] Current Thread [Next in Thread>