Terje Braaten <Terje(_dot_)Braaten(_at_)concept(_dot_)fr> writes:
I do not quite see the relevance of this. Do you think it is bad
that Charlie can prove that the message was sent to him from Bob
and not only signed by Bob?
If Bob want to prevent this he can sign first and then encrypt,
instead of using the sign & encrypt function in PGP.
You seem to be under the misconception that "sigh & enrypt" is an
atomic PGP operation. It is not. There is "OpenPGP Sign" and there
is "OpenPGP Encrypt", and these two functions _can_ be combined, but
the combination is NOT a single atomic function. It never was.
All PGP ever had was "first sign and then encrypt". It was just
user-interface "syntactic sugar" that allows the user to perform both
tasks together. However, there is no way for a receiver to tell the
difference between a one-pass and two-pass "sign and then encrypt".
It will still be possible to just sign something. It is only when
you use sign & encrypt the receivers should be able to be sure that
the one who signed and the one who encrypted the message is the same
person.
As I said, there is no "combined sign and encrypt" atomic operation in
OpenPGP (or in regular PGP, for that matter).
But the point is not to make some human readable boilerplate. The
point is that OpenPGP software automatically should be able to detect
if the message has been faked to look like it is created by
sign & encrypt when it really is not.
What do you mean? Can you please explain what attack you believe
you are preventing?
-derek
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord(_at_)MIT(_dot_)EDU PGP key available