
Re: Recipient-verifiable messages, was: forwarding an encrypted PGP message is useless

2002-05-30 07:30:12

Terje Braaten <Terje(_dot_)Braaten(_at_)concept(_dot_)fr> writes:

 Encrypt_Bob(K), Encrypt(K, Sign_Alice(Hash(K||Bob_PK)), msg)

with the additional restriction that the encryption mode should be one
of the MDC modes (i.e. appended MAC with K outside encryption, or
appended hash of msg inside encryption).

What a wonderful solution. Hello everybody, we go ahead and change
the next version of the protocol to this. Ok?

No.  It is definitely not ok.  This breaks backwards compatibility
with implementations of 2440.

No matter what you do it should be backwards compatible with existing
software.  Current implementations should still be able to read it,
even if they don't understand it.

My two suggestions still remain:

  1) Write up an RFC that defines how to use a notation packet to do
     what you want, where that notation packet is included in the
     signature.  Within that notation you can store the original
     recipients list.

  2) Write up an RFC that defines how to use 2440 packets in ESE mode.
     I'm fairly sure that most of the existing 2440 implementations can
     read an ESE message (at least if they implemented their parser
     recursively like I did in PGP 5).

Either of these solutions solve your problem _AND_ remain

       Derek Atkins
       Computer and Internet Security Consultant
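
An added sketch of suggestion 1 above (not code from this thread or from any PGP implementation): the signer places the recipient key IDs in a Notation Data subpacket (type 20) in the hashed area of the signature, and a reader that knows the notation checks its own key ID against it. The notation name `recipients@example.org`, the comma-separated hex value format and all function names are assumptions made for illustration; the signature itself is assumed to be verified elsewhere.

```python
import struct

NOTATION_TYPE = 20                 # OpenPGP signature subpacket type: Notation Data
HUMAN_READABLE = 0x80              # first flag octet: value is text
NAME = b"recipients@example.org"   # hypothetical notation name (assumption)

def encode_len(n):
    """OpenPGP subpacket length; it covers the type octet plus the body."""
    if n < 192:
        return bytes([n])
    if n < 8384:
        n -= 192
        return bytes([(n >> 8) + 192, n & 0xFF])
    return b"\xff" + struct.pack(">I", n)

def build_recipient_notation(key_ids):
    """Subpacket for the hashed area listing the key IDs the signer encrypted to."""
    value = ",".join(k.upper() for k in key_ids).encode()
    body = (bytes([HUMAN_READABLE, 0, 0, 0])
            + struct.pack(">HH", len(NAME), len(value)) + NAME + value)
    return encode_len(1 + len(body)) + bytes([NOTATION_TYPE]) + body

def parse_subpackets(area):
    """Yield (type, body) for each subpacket in a signature subpacket area."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:
            n, i = first, i + 1
        elif first < 255:
            n, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:
            n, i = struct.unpack(">I", area[i + 1:i + 5])[0], i + 5
        if n < 1 or i + n > len(area):
            raise ValueError("truncated subpacket")
        yield area[i] & 0x7F, area[i + 1:i + n]   # mask off the critical bit
        i += n

def intended_recipients(hashed_area):
    """Key IDs from the recipient notation, or None if the signer set none."""
    for sp_type, body in parse_subpackets(hashed_area):
        if sp_type != NOTATION_TYPE or len(body) < 8:
            continue                              # unknown subpackets are skipped
        name_len, value_len = struct.unpack(">HH", body[4:8])
        if body[8:8 + name_len] == NAME:
            value = body[8 + name_len:8 + name_len + value_len]
            return set(value.decode().split(","))
    return None

def addressed_to(hashed_area, my_key_id):
    """True only if the (already verified) signature names my key ID."""
    ids = intended_recipients(hashed_area)
    return ids is not None and my_key_id.upper() in ids
```

A reader that does not know the notation skips the subpacket like any other unrecognised non-critical one, so the message still parses and verifies.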
