ietf-openpgp
[Top] [All Lists]

Re: secure sign & encrypt

2002-05-30 12:15:10
On Thu, May 30, 2002 at 07:38:22AM +0200, Terje Braaten wrote:

Michael Young writes that "The intended recipient is only one of many
pieces of context that a user might mistakenly believe was included
in the signed material." That is correct, but I will still argue that
the information on which keys the message is encrypted to (or intended
to be encrypted to) is special, and belongs in the OpenPGP standard.

It is not only mail that can be signed and encrypted with OpenPGP,
it can be all kinds of electronic documents and messages. When f.ex.
an "X-To-PGP-Key" header might be an adequate solution for e-mail
messages, it will not fit at all for other sorts of messages.
In fact, the only meta data about a message that is common to all
encrypted messages is the recipient public keys. And since this
is meta data about the message that is always present, I think
it is very appropriate to be specified in the protocol a convention
on how this is to be protected in a message that is signed and encrypted.

(If we could just have an optional sub packet on the signature in the first
round I would be happy.)

You can have this. The standard declares that subpackets 100 to 110 are
"internal or user-defined". You can even set the critical bit on it if
you like. This should solve your problem. Your only other problem is to
convince an implementer to implement this subpacket, or you can
implement it yourself. Do know that gpg has used 101 in the past for
internal purposes; this might be a bad choice.

This subpacket is completely optional; in fact all but two subpackets
are: the creation time, and the issuer.

Therefore, this discussion can end, knowing everybody is happy.

-- 
Brian M. Carlson
<karlsson(_at_)hal-pc(_dot_)org>
OpenPGP: 0x351336B2DCA1913A

Attachment: pgpSfvffC1GEs.pgp
Description: PGP signature

<Prev in Thread] Current Thread [Next in Thread>