Paul Shields <shields(_at_)passport(_dot_)ca> writes:
Should we have a selectable option on sign-encrypt that specifies
that the signature must be
removed from the plaintext after verifying it?
How would you enforce this? This is just like the "for-her-eyes-only"
flag on literal text. It's a notation to keep the good guy honest,
but wont protect you from someone who really wants to get around it.
For example, many a time I've used 'pgp -fm input.asc >& output.txt'
to get around the for-her-eyes-only "bug".
The only way to really enforce this is to mathematically tie the
signature to the encryption. This would require a whole new line of
mathematics (assuming you want to continue to hide the sender's
identity to non-recipients).
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord(_at_)MIT(_dot_)EDU PGP key available