ietf-openpgp

Re: Bug#40394: forwarding an encrypted PGP message is useless

2002-04-10 09:24:28

On 2002-04-10 10:46:26 -0400, Paul Shields wrote:

> Should we have a selectable option on sign-encrypt that specifies that the signature must be removed from the plaintext after verifying it?

What, precisely, prevents the recipient's implementation from ignoring that flag?

In the suggestions circulated in this thread, some folks are making the same basic design error all over the place: You want to place trust in software which is under the complete control of an individual you don't trust. Don't do it. It's impossible.

The features which are being suggested _may_ help against unintentional errors the recipient may make (like, storing, by accident, the wrong love letters on the wrong hard drive, which [I seem to recall] was the original reasoning behind the "for your eyes only" [or whatever it was called] function of pgp 2).

They don't, however, help against malicious behavior on the recipient's side.

--
Thomas Roessler                        <roessler(_at_)does-not-exist(_dot_)org>
