ietf-openpgp

RE: secure sign & encrypt

2002-05-23 08:58:16

Hi.

I see no other way than "encrypt, sign and encrypt" (ESE)
to achieve all cryptographic goals which seem important to me:

The interesting thing is that there is nothing STOPPING an application
from doing this today.  OpenPGP messages like the following are
perfectly legal syntax, even in 2440:

ESK [...] Enc { PreSig ESK [...] Enc { Literal { Message } } PostSig }

Go ahead and implement this.  I'm fairly sure that most of the OpenPGP
Parsers out there will Do The Right Thing with this (I'm 99% sure that
PGP 6.5.x will do this, since I wrote that original parser code).

Of course. That's the main advantage of ESE, we can do it without
protocol changes - to insert a new button in the applications will
be enough.
In addition, ESE has the property Jon Callas repeatedly claimed
to be important, and which can't be achieved by simply adding
a copy of the header fields to the envelope:
it ensures that the receiver cannot forward a message
without destroying the signature or revealing that it was
originally sent to him for his eyes only.
Also, ESE can't be cheated by adding fake addresses to the envelope.

And the old SE remains available; if you like, the message can be
forwarded, but therefore repudiated.

Best Regards
-- 
Dominikus Scherkl
dominikus(_dot_)scherkl(_at_)glueckkanja(_dot_)com
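
An added illustration of the ESE nesting and the forwarding property discussed in this message; it is not code from the thread or from any OpenPGP implementation. The per-party shared secrets, the JSON packet framing, the XOR keystream and the HMAC are assumptions that stand in for OpenPGP key pairs, packets, encryption and signatures.

```python
import hashlib, hmac, json

# Constructed keys. One secret per party stands in for an OpenPGP key pair.
KEYS = {"alice": b"A" * 32, "bob": b"B" * 32, "carol": b"C" * 32}

def _xor(key, data):
    # Stand-in cipher (SHA-256 counter keystream, self-inverse), not OpenPGP's.
    blocks = range(len(data) // 32 + 1)
    stream = b"".join(hashlib.sha256(key + bytes([i])).digest() for i in blocks)
    return bytes(a ^ b for a, b in zip(data, stream))

def enc(recipient, payload):
    # Models "ESK [...] Enc { payload }": the ESK names the recipient key in clear.
    ct = _xor(KEYS[recipient], payload).hex()
    return json.dumps({"esk": recipient, "ct": ct}).encode()

def dec(name, packet):
    p = json.loads(packet)
    if p["esk"] != name:
        raise ValueError("not encrypted to " + name)
    return _xor(KEYS[name], bytes.fromhex(p["ct"]))

def sign(signer, data):
    # HMAC stands in for the PreSig/PostSig signature over the enclosed data.
    return hmac.new(KEYS[signer], data, hashlib.sha256).hexdigest()

def verify(signer, data, sig):
    return hmac.compare_digest(sign(signer, data), sig)

def ese(sender, recipient, msg):
    inner = enc(recipient, msg)                          # Enc { Literal { Message } }
    signed = {"data": inner.decode(), "sig": sign(sender, inner)}
    return enc(recipient, json.dumps(signed).encode())   # outer Enc hides the signature

def forwarding_outcomes(msg=b"for Bob's eyes only"):
    # Bob opens the outer layer and holds the signed inner packet.
    signed = json.loads(dec("bob", ese("alice", "bob", msg)))
    inner, sig = signed["data"].encode(), signed["sig"]
    text = dec("bob", inner)
    return {
        # Re-encrypting the plaintext to Carol leaves Alice's signature invalid.
        "sig_valid_after_reencrypt": verify("alice", enc("carol", text), sig),
        # Passing the signed packet on unchanged keeps it valid ...
        "sig_valid_on_original": verify("alice", inner, sig),
        # ... but that packet's ESK still names Bob as the recipient.
        "recipient_in_signed_packet": json.loads(inner)["esk"],
        "plaintext": text,
    }
```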
