Jon Callas wrote:
On 15 Mar 2005, at 4:41 PM, Ben Laurie wrote:
Jon Callas wrote:
On 12 Mar 2005, at 3:24 AM, Ingo Luetkebohle wrote:
Even better would be to have individually encrypted parts. This is
possible with PGP/MIME but not current practice. Trouble being, of
course, that the sender would have to know this is in advance.
Better for whom?
One of the reasons that practice is to not have individually
encrypted parts is that that has not been considered as good, meaning
not as secure. It isn't as convenient for an entity who doesn't have
the keys to process such a message, and that's been considered a
feature rather than a bug.
I'm struggling to understand this - how does this make it any easier
for an attacker? (Other than log_2(n), where n is the number of parts,
for the brute force attack).
It's a small thing, but if message A has one attachment,
"Attachment.pgp", and message B has two attachments, "Text.pgp" and
"ZeSecretPlans.doc.pgp" -- which each decompose to the same mail message
-- one could argue that message A is more secure than message B because
it leaks less information about its internal structure.
Right. But, given the mobile platform limitations,
Message A is unusable therefore its security argument
is null & void; the user has to make *some compromise*
in order use the system, and that may well be "giving
up a little security."
I'm curious as to whether there is a hard proposal for
the group behind this?
iang
--
News and views on what matters in finance+crypto:
http://financialcryptography.com/