ietf-openpgp
[Top] [All Lists]

RE: secure sign & encrypt

2002-05-23 08:40:50

Hi!

Your proposal for an extra packet does not address this alleged
flaw.
Note that Alice could sign a message saying "encrypted to 
Bob", and then
encrypt and send the message to Charlie, thus framing Bob for breach
of confidence.

No, because then Charlie would know it was something fishy going on.
He would not now if Alice or Bob (or some one else) was to blame,
but he would get a warning message saying that this is an invalid
signed & encrypted message.
Hey, this is an attack at _Bob_ - Charlie don't needs to be nice!
The simple possibility of such attacks discredits the trust in beeing
the original receiver of a message, so we gain nothing!

Best Regards.
-- 
Dominikus Scherkl
dominikus(_dot_)scherkl(_at_)glueckkanja(_dot_)com

<Prev in Thread] Current Thread [Next in Thread>