ietf-openpgp

RE: secure sign & encrypt

2002-06-10 11:25:13

john(_dot_)dlugosz(_at_)kodak(_dot_)com wrote:

Emails are the only thing where we might have missing context information.
In an informal note typed by a person, it might assume the conversation in
progress.  But what contract or other formal document doesn't list the
parties as part of the document content?  And what does "intended
recipient" mean for things that are not messages sent to somebody?

Everything that is "signed & encrypted" has a list of recipients that it
is encrypted to. This list of recipients is included in the protocol. That
is why I mean the protection of this information by signing it also belongs
in the protocol.


If an application wants to automatically add context information before
signing, without messing up the document proper, then a general purpose
"extra information" field is needed, since "TO:" is just a special case of
this general problem.  And I think it's been said that a suitable field
already exists.


I think you have completely missed my point here. Please read what
I wrote once again. I am making the argument that this is NOT
a kind of general "extra information"; it is information that is already
included as a part of the protocol. And a proper standard for how
to duplicate this information inside the signed part of the message
should also be a part of the standard, so that this can be done in the
same way by all applications that use this standard. Is this too much
to ask?

 

Terje Braaten <Terje(_dot_)Braaten(_at_)concept(_dot_)fr>@mail.imc.org on 05-30-2002 12:38:22 AM

Sent by:    owner-ietf-openpgp(_at_)mail(_dot_)imc(_dot_)org


To:    "OpenPGP (E-mail)" <ietf-openpgp(_at_)imc(_dot_)org>
cc:
Subject:    RE: secure sign & encrypt



Michael Young writes that "The intended recipient is only one of many
pieces of context that a user might mistakenly believe was included
in the signed material." That is correct, but I will still argue that
the information on which keys the message is encrypted to (or intended
to be encrypted to) is special, and belongs in the OpenPGP standard.

It is not only mail that can be signed and encrypted with OpenPGP,
it can be all kinds of electronic documents and messages. When f.ex.
an "X-To-PGP-Key" header might be an adequate solution for e-mail
messages, it will not fit at all for other sorts of messages.
In fact, the only meta data about a message that is common to all
encrypted messages is the recipient public keys. And since this
is meta data about the message that is always present, I think
it is very appropriate to be specified in the protocol a convention
on how this is to be protected in a message that is signed and encrypted.

(If we could just have an optional sub packet on the signature in the first
round I would be happy.)

--
Terje Bråten
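
The recipient binding argued for in this message, as an added example that is not part of the original thread and not code from any OpenPGP implementation: the recipient key IDs are serialised into the signed data, and the verifier checks that its own key is among them. HMAC stands in for a public-key signature so the block runs with the standard library only; the key IDs, the secret, the serialisation and all function names are constructed assumptions.

```python
import hashlib
import hmac
import struct

# Constructed sample values: 8-byte key IDs and a stand-in signing secret.
BOB = bytes.fromhex("1111111111111111")
CAROL = bytes.fromhex("2222222222222222")
ALICE_SECRET = b"constructed-demo-secret"  # HMAC stands in for Alice's signing key


def signed_bytes(body, recipient_ids):
    """Serialise what the signature covers: count, sorted key IDs, then body."""
    ids = sorted(set(recipient_ids))
    if any(len(k) != 8 for k in ids):
        raise ValueError("key IDs must be 8 bytes")
    return struct.pack(">H", len(ids)) + b"".join(ids) + body


def sign(secret, body, recipient_ids):
    """Sign the body together with the list of recipient key IDs."""
    return hmac.new(secret, signed_bytes(body, recipient_ids), hashlib.sha256).digest()


def verify_for(secret, body, signed_ids, sig, my_key_id):
    """Check the signature, then check that the verifier's own key was signed over."""
    expected = sign(secret, body, signed_ids)
    if not hmac.compare_digest(expected, sig):
        return "bad-signature"
    if my_key_id not in signed_ids:
        return "not-intended-recipient"
    return "ok"


def demo():
    body = b"I agree to the terms."
    sig = sign(ALICE_SECRET, body, [BOB])  # signed with Bob as the only recipient
    return {
        "bob": verify_for(ALICE_SECRET, body, [BOB], sig, BOB),
        # The same signed message arrives encrypted to Carol's key instead.
        "carol_other_key": verify_for(ALICE_SECRET, body, [BOB], sig, CAROL),
        # Rewriting the signed list to name Carol invalidates the signature.
        "carol_rewritten": verify_for(ALICE_SECRET, body, [CAROL], sig, CAROL),
    }


if __name__ == "__main__":
    print(demo())
```
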






