[Top] [All Lists]

Re: secure sign & encrypt

2002-05-22 12:10:04

Hal posted a pointer to my comments on this from last year. I'll weigh in

I think this is an issue with semantics. You can't solve semantic problems
with added syntax, no matter how much syntax you add.

Furthermore, there are risks with this, too. You can still perform a
redirection attack on a targeted signature. Suppose Alice is trying to do a
business deal with both Bob and Charlie, and trying to get the best price.
If Bob sends Charlie a signed message that is targeted to him, it can be
more embarrassing than if the signature were untargeted. I'm really sorry,
but if you send a private message to someone who puts it on their web page,
you might be irked by this.

One of the things that I try to keep an eye out for is traffic analysis. I
think it is a feature of OpenPGP that it puts the signatures inside the
envelope, because if they're outside the envelope, you have
cryptographically assisted traffic analysis. Targeting in signatures also
assists traffic analysis, and users who don't understand that signing
low-context messages is a bad idea aren't going to understand traffic
analysis issues.

Lastly, if you really, really want to do this, there is already support in
the OpenPGP protocol for it! This is one of the myriad things notations are
good for. Software can make a signature with a human-readable notation in it
that is boilerplate. It could say, "Created on <date> by <source> for
<target>." There's your targeting, just convince some implementer to do it.
Just don't make me use it, thanks. I'll have even less reason to sign


<Prev in Thread] Current Thread [Next in Thread>