ietf-openpgp

Re: secure sign & encrypt

2002-05-23 07:10:35

On Thu, May 23, 2002 at 02:22:19PM +0200, Terje Braaten wrote:
> Matthew Byng-Maddick <openpgp(_at_)lists(_dot_)colondot(_dot_)net> wrote:
> > As others have pointed out, what is the "atomic sign & encrypt" of which
> > you speak?
> I envision that in a not too far future, we can call the
> sign & encrypt function in PGP an atomic sign & encrypt.
> This is the solution of the problem that I have been trying
> to describe all the time.
[...]
> Adding a new signature packet called 'encrypted to' (or something
> like that) would allow OpenPGP applications to implement
> such an atomic sign & encrypt. It could say in the protocol
> that an application MAY implement atomic sign & encrypt,
> and if it does, it MUST do such and such.

Of course, a better way to do this is the obvious one, for the signtext
to start with "Dear Bob," and then you know who it was intended for. This
is the recommendation in the few cryptographic texts I've read about
non-repudiation.

This, of course, requires educating users, <sarcasm>which is a much harder
problem than attempting to solve it in some convoluted (and probably wrong)
cryptographic way.</sarcasm>

If your users don't properly understand the attempted guarantees of the
cryptosystem, then whatever you do to try and make it better, they will
almost certainly make some other assumption about it.

MBM

-- 
Matthew Byng-Maddick         <mbm(_at_)colondot(_dot_)net>           
http://colondot.net/
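
An added example, not part of the original message: a model of why a signature that does not name its recipient still verifies on a re-encrypted copy, and how the "Dear Bob," convention lets the reader notice. The toy RSA parameters, the envelope dict and every function name are assumptions made for the illustration; none of this is OpenPGP code.

```python
import hashlib

# Toy textbook-RSA signature (constructed, insecure parameters) standing in
# for an OpenPGP signature; only the structure of the check matters here.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537      # two Mersenne primes
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))          # the signer's private exponent

def _digest(text: str) -> int:
    return int.from_bytes(hashlib.sha256(text.encode()).digest(), "big") % N

def sign(text: str) -> int:
    return pow(_digest(text), D, N)

def signature_ok(text: str, sig: int) -> bool:
    return pow(sig, E, N) == _digest(text)

def encrypt_to(recipient: str, text: str, sig: int) -> dict:
    # Model of the encryption layer: it wraps the signed message but is not
    # covered by the signature.
    return {"to": recipient, "text": text, "sig": sig}

def forward(envelope: dict, new_recipient: str) -> dict:
    # A recipient re-encrypting the signed message, unchanged, to someone else.
    return encrypt_to(new_recipient, envelope["text"], envelope["sig"])

def named_recipient(text: str):
    # Convention from the message above: the signed text opens "Dear <name>,".
    first = text.splitlines()[0] if text else ""
    if first.startswith("Dear ") and first.endswith(","):
        return first[len("Dear "):-1].strip()
    return None

def accept(me: str, envelope: dict) -> str:
    # Reader-side check: signature first, then who the signed text addresses.
    if not signature_ok(envelope["text"], envelope["sig"]):
        return "bad-signature"
    who = named_recipient(envelope["text"])
    if who is None:
        return "valid-but-unaddressed"     # signer never said who it is for
    return "valid-for-me" if who == me else "valid-but-for-" + who
```
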
