
Re: Davis paper revisited // separation of signed and encrypted messages into clearsigned messages

2003-08-22 01:49:38
[People, why can't you use a sensible mailer that produces In-Reply-To or 
References headers?]

that did not reflect the intent of the sender, who would never think
of posting it unencrypted.

If you send sensitive content to somebody you can't trust to keep it secret, 
there's no technical solution to solve that problem. Don't send that person 
any sensitive content - encrypted or not.

If you S/E/S the message, you can still strip the outer signature and the 
encryption and get a perfectly readable signed message. True, there could be 
some indication that the inner signature was part of a S/E/S message - but in 
the original case, the sender could put a notice 'this is a confidential 
message and was sent encrypted' in the message text.

IIRC E/S/E had some other significant drawback, somebody will certainly point 
it out here, but it would "solve" that particular problem. But I don't think 
that it does achieve more than putting 'this is a confidential message' in 
the signed body:

The recipient can publish the E/S/E message without the outer encryption 
layer. Then he publishes the decrypted message and his public key. Everybody 
can then generate the encrypted message and, with the signature, verify that 
it is the same message. So this "solution" falls apart, too.

-- vbi

Attachment: pgpdABuinA44e.pgp
Description: signature