
Re: "The OpenPGP mail and news header" extension

2005-08-11 14:56:04
Simon Josefsson wrote:

I understand.  Implement your scheme and write a draft about it!  I
think your ideas are too far-fetched to be reasonably added to this
document.  There are many details that have to be solved.

This is something I hoped to be helped with. I think I lack the required language skill, background knowledge and experience to write a standard.

Do you want to help?

Please!!!


The discussion here made me realize there may be merit with all three
variants.
Three or maybe even four, five? I was trying to decide whether to use preference=sign,encrypt or preference=encrypt,sign and I realized that they may be different. You can:

- sign and then encrypt - in which case only the recipient can verify the signature after decryption
- encrypt and then sign - in which case anyone can verify the signature before decryption, but no-one after decryption
- sign, encrypt and then sign again - in which case anyone can verify the signature before decryption and also the recipient can verify the signature after decryption (in case someone likes to store decrypted messages)

Is that correct?

Anyway, I vote to use preference=encrypt,sign and ignore the rest. At least for the moment.


On the other hand, preference=insecure means that the user does *not* want to receive any signed or encrypted messages. I would imagine that many mailing lists will use this option to keep their messages clean.

I'm not sure this is a good idea.  The OpenPGP header is not protected
in any way.  If someone injects an 'OpenPGP: preference=insecure' and
that caused MUAs to avoid a default behavior of signing/encrypting
messages, that would be a security problem.

You are absolutely correct - it is a really difficult issue. In other words, preference should increase security, but never decrease it.

I think it is possible to do just fine without preference=insecure. For example, the MUA can set the default (minimal) security based on whether the recipient's email address is on a keyserver. If yes, sign by default. If no, send an insecure message by default. This way, everyone with a public key will get at least a signed message, and others (including mailing lists) will get signed messages only if they wish.

Still, the best solution is to complement the preference with attributes stored in the public key.


Thanks,
David
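The "preference should increase security, but never decrease it" rule from this reply, worked through as an added example (not code from this thread, from the draft, or from any OpenPGP implementation). The header syntax (semicolon-separated key=value pairs, comma-separated preference tokens), the "insecure" token and the keyserver-based default are assumptions taken from the discussion, and the keyring contents are constructed.

```python
"""Combine an unauthenticated 'OpenPGP:' mail header with a local default so
the header can raise, but never lower, the protection applied to a message.
Header syntax is assumed from the discussion, not taken from any draft."""

# Operations the header may request. 'insecure' is deliberately absent: an
# attacker who injects 'preference=insecure' into the unprotected header must
# not be able to switch off signing or encryption.
KNOWN_OPS = {"sign", "encrypt"}


def parse_openpgp_header(value):
    """Split 'id=...; url=...; preference=...' into a lowercase-key dict."""
    params = {}
    for part in value.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            params[key.strip().lower()] = val.strip()
    return params


def requested_ops(value):
    """Operations the sender asks for; unknown tokens and 'insecure' are ignored."""
    pref = parse_openpgp_header(value).get("preference", "")
    tokens = {t.strip().lower() for t in pref.split(",") if t.strip()}
    return frozenset(tokens & KNOWN_OPS)


def default_ops(recipient, keyring):
    """Local baseline, following the keyserver rule in the mail: sign by
    default when the recipient's key is available, otherwise send unprotected."""
    return frozenset({"sign"}) if recipient.lower() in keyring else frozenset()


def effective_ops(header_value, recipient, keyring):
    """Union of baseline and request: the header only ever adds protection."""
    return default_ops(recipient, keyring) | requested_ops(header_value)


# Constructed keyring: addresses for which a public key was found.
SAMPLE_KEYRING = {"alice@example.org"}

if __name__ == "__main__":
    # 'id=0123ABCD' is a constructed placeholder key id, not a real key.
    for hdr, rcpt in [("id=0123ABCD; preference=insecure", "alice@example.org"),
                      ("preference=encrypt,sign", "alice@example.org"),
                      ("preference=insecure", "list@example.org")]:
        print(rcpt, sorted(effective_ops(hdr, rcpt, SAMPLE_KEYRING)))
```

Whether a requested "encrypt" is actually possible still depends on a key being available for the recipient; this merge only decides what the header is allowed to change.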
