[Top] [All Lists]

RE: secure sign & encrypt

2002-05-23 14:27:52

What is the problem I try to solve? I thought that had been clear
through the many mails I sent, but let me try to explain again.

1) Don Davis has a pretty good description of the problem in
        He lists many good reasons why this is a problem in section 4.

2) Many users seem to think that PGPs sign & encrypt function is atomic.
        We can try to teach them that is never was so, and never will be
        (a bad solution in my opinion) or we can give the users what they
        want/expect and make it possible to have an atomic sign & encrypt
        in PGP.

To word the problem in another way, when Alice send a message to Bob
that is signed and encrypted, Bob should be able to be sure that it
was Alice that encrypted the message.

Description of attack:

Alice send a signed & encrypted message to Charlie. Charlie decrypts
it and encrypts and sends it to Bob, trying to convince Bob the message
comes directly from Alice. Since Bob see the message is apparently
made by sign & encrypt he thinks it must be Alice that has encrypted it.

Some solutions:

        - Teach Bob not to trust PGPs sign & encrypt to know who the sender
          of the message is when it is not in the plain text of the signed

        - Make PGP use Encrypt, Sign and Encrypt. (Slower
          and bigger messages.)

        - Add fingerprints of recipient keys in signature packets (Requires
a change
          in the protocol)
Terje Bråten

<Prev in Thread] Current Thread [Next in Thread>