ietf-openpgp

Re: secure sign & encrypt

2002-05-23 06:25:43

Terje Braaten <Terje(_dot_)Braaten(_at_)concept(_dot_)fr> writes:

> The method I have suggested is to sign the recipient's name into the
> message, as this avoids another costly encryption. Unfortunately
> this is very disturbing to those that think sign and encrypt must
> and should be independent layers in the protocol. But I think
> it should be possible to open up for certain exceptions to this
> layer thinking when security needs demand it.

As has been pointed out, you do NOT need an automated method to
do this.  Just put a plain user-readable string of the recipient's
identity into the signed message -- the PLAINTEXT message.

This is something that the MUA would do and requires no changes to the
PGP Protocol.

Note that any user with any intelligence would know that a message
that begins "Dear Bob" was _not_ meant for Charlie.

> Terje Bråten

-derek

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord(_at_)MIT(_dot_)EDU                        PGP key available
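
Added example, not part of the original message or of any OpenPGP implementation: a sketch of the MUA-side step discussed in this thread, where the recipient's identity is written into the plaintext before signing and checked after verification. The `Intended-Recipient:` line, the function names, the addresses and the toy RSA key are all constructed for illustration; the toy signature stands in for an OpenPGP signature, and the encryption layer is left out because the signed plaintext passes through decryption and re-encryption unchanged.

```python
import hashlib

# Constructed toy RSA key built from two Mersenne primes. It stands in for
# the sender's OpenPGP signing key and is far too weak for real use.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)

HEADER = "Intended-Recipient: "     # hypothetical line added by the MUA


def _digest(text):
    """SHA-256 of the signed text, reduced into the toy modulus."""
    return int.from_bytes(hashlib.sha256(text.encode()).digest(), "big") % N


def mua_sign(body, recipient):
    """Write the recipient into the plaintext, then sign the whole text."""
    signed_text = f"{HEADER}{recipient}\n\n{body}"
    return signed_text, pow(_digest(signed_text), D, N)


def mua_check(signed_text, signature, me):
    """Run by the reader's MUA after decryption, whoever encrypted to them."""
    if pow(signature, E, N) != _digest(signed_text):
        return "bad signature"
    first_line = signed_text.split("\n", 1)[0]
    if not first_line.startswith(HEADER):
        return "signed, but names no recipient"
    named = first_line[len(HEADER):].strip()
    if named.lower() != me.lower():
        return f"signed for {named}, not for {me}"
    return "ok"


if __name__ == "__main__":
    # Constructed sample message and addresses.
    text, sig = mua_sign("The deal is off.", "bob@example.org")
    print(mua_check(text, sig, "bob@example.org"))
    print(mua_check(text, sig, "charlie@example.org"))
    # Editing the recipient line invalidates the signature.
    edited = text.replace("bob@", "charlie@")
    print(mua_check(edited, sig, "charlie@example.org"))
```
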
