[Top] [All Lists]

Re: Bug#40394: forwarding an encrypted PGP message is useless

2002-04-10 09:21:42

What if, in a mail user agent, the user wants to forward an encrypted 
Allow it? Deny it?
Re-encrypt or remove encryption?
The problem is, of course, that the original sender might not like his
encrypted text being sent out in the clear again...

I don't think this is something we can control.  If you encrypt something with
a recipient's public key, you're implicitly giving the recipient the ability
to decrypt that message and redistribute it to his heart's content.  You can
issue instructions to the recipient about redistribution of the messgae, but
you can't control whether the recipient follows those instructions.

Nor is it clear that this is a "problem".    At least, there appear to be
more "problems" associated with mechanisms that do purport to control what
a recipient can do with a message than mechanisms that merely provide
protection against interception of a message in transit from sender to

Exactly. This entire problem space has a character similar to that of copy
protection, digital rights management and all that. There are also lessons to
be learned from the Multics work on environments that try to support multiple
levels of secrecy and integrity simultaneously. (Some of the stories told by
the folks who worked on things like text editors for mixed level data are
particularly amusing.)

All of this stuff falls down at some point because you just can't
compartmentalize people's brains. Prohibit forwarding of content and people
will save stuff to files and then mail the files. Prohibit saving to files and
people will cut and paste. Prohibit cut and paste and people will type what one
window says into another. Prohibit people from having mutiple windows up at the
same time for this purpose and they will write stuff down on paper (which
introduces its own set of problems). Prohibit writing stuff down (good luck)
and people will try and remember it, and then enter it incorrectly later.

You can't win. And given how much this pisses off users, making them even less
receptive to following whatever rules they're supposed to be following, you
shouldn't even try.