ietf-openpgp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Davis paper revisited // separation of signed and encrypted messages into clearsigned messages

2003-08-22 07:42:56
from [vedaal] [Permanent Link] 



On Fri, 22 Aug 2003 01:49:23 -0700 Adrian von Bidder 

[...]


vedaal:

that did not reflect the intent of the sender, who would never

think

of posting it unencrypted.


If you send sensible content to somebody you can't trust to keep
it secret, 
there's no technical solution to solve that problem. Don't send
that person 
any sensible content - encrypted or not.


consider the case of a high-ranking corporate employee who left a company
on unfriendly terms,

or a pt./dr/ communication where, at a later date, the pt. is suing the
dr.

the content of the communication was perfectly appropriate in encrypted
form, at the time it was communicated

but,

if it is (maliciously, anonymously) posted by the receiver,
the reciver can claim that the dr. violated medical privacy issues, 
and someone in the corporation can claim that the sender 'leaked' sensitive
material to a public forum

of course, the sender can counter:

"i didn't do it !
it was a malious reconstruction of the message by the receiver into clearsigned
form!"

but this still leaves some doubt ...

[...]



The recipient can publish the E/S/E message without the outer encryption



layer. Then he publishes the decrypted message and his public key.
Everybody 
can the generate the encrypted message and, with the signature,
verify that 
it is the same message. So this "solution" falls apart, too.


no it doesn't,

if the sender doesn't routinely encrypt to self,
then even if the receiver publishes the session key, then the 'leak'
can unequivocally be shown to be the receiver


the point is, 

can there be an additonal packet feature that somehow distinguishes
a signed and encrypted message, from a clearsigned one
(which could be done in backward compatible form, where older versions
might not 'recognize/be able to interpret' the new packet, but could
decrypt anyway,
while newer versions could be used to distinguish the signature/message
type.)


with Respect,

vedaal  



Concerned about your privacy? Follow this link to get
FREE encrypted email: https://www.hushmail.com/?l=2

Free, ultra-private instant messaging with Hush Messenger
https://www.hushmail.com/services.php?subloc=messenger&l=434

Promote security and make money with the Hushmail Affiliate Program: 
https://www.hushmail.com/about.php?subloc=affiliate&l=427
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Davis paper revisited // separation of signed and encrypted messages into clearsigned messages, Adrian von Bidder
Next by Date:  Re: Davis paper revisited // separation of signed and encrypted messages into clearsigned messages, Hal Finney
Previous by Thread:  Re: Davis paper revisited // separation of signed and encrypted messages into clearsigned messages, Adrian von Bidder
Next by Thread:  Re: Davis paper revisited // separation of signed and encrypted messages into clearsigned messages, Ian Grigg
Indexes:  [Date] [Thread] [Top] [All Lists]