Simon Josefsson wrote:
> I understand. Implement your scheme and write a draft about it! I
> think your ideas are too far-fetched to be reasonably added to this
> document. There are many details that have to be solved.
This is something I hoped to get help with. I think I lack the required
language skill, background knowledge and experience to write a standard.
Do you want to help?
Please!!!
> The discussion here made me realize there may be merit in all three
> variants.
Three or maybe even four, five? I was trying to decide whether to use
preference=sign,encrypt or preference=encrypt,sign and I realized that
they may be different. You can:
- sign and then encrypt - in which case only the recipient can verify
signature after decryption
- encrypt and then sign - in which case anyone can verify the
signature before decryption, but no one after decryption
- sign, encrypt and then sign again - in which case anyone can verify
signature before decryption and also the recipient can verify signature
after decryption (in case someone likes to store decrypted messages)
Is that correct?
Anyway, I vote to use preference=encrypt,sign and ignore the rest. At
least for the moment.
>> On the other hand, preference=insecure means that the user does *not* want
>> to receive any signed or encrypted messages. I would imagine that many
>> mailing lists will use this option to keep their messages clean.
> I'm not sure this is a good idea. The OpenPGP header is not protected
> in any way. If someone injected 'OpenPGP: preference=insecure' and
> that caused MUAs to avoid a default behavior of signing/encrypting
> messages, that would be a security problem.
You are absolutely correct - it is a really difficult issue. In other
words, preference should increase security, but never decrease it.
I think it is possible to do just fine without preference=insecure. For
example, the MUA can set the default (minimal) security based on
whether the recipient's email address is on a keyserver. If yes, sign by
default. If no, send an insecure message by default. This way, everyone
with a public key will get at least a signed message and others (including
mailing lists) will get signed messages only if they wish.
Still, the best solution is to complement the preference with attributes
stored in the public key.
Thanks,
David
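The two points above (the OpenPGP header is unauthenticated, so a preference must be allowed to raise but never lower the MUA's protection; and the MUA baseline can be derived from whether the recipient has a published key) can be expressed as a small policy function. The following is an added example written for this page; it is not code from the thread, from the header draft, or from any MUA. It assumes the header syntax `OpenPGP: preference=<value>` with the values used in the discussion (`sign`, `encrypt`, `sign,encrypt`, `encrypt,sign`, `insecure`), and it replaces a real keyserver lookup with a constructed in-memory set of addresses.

```python
"""Ratchet-only handling of an unauthenticated OpenPGP mail header.

Added example, not code from the thread or from any OpenPGP implementation.
Assumed header syntax: `OpenPGP: preference=<value>`, with the values used in
the discussion. The keyserver lookup is a constructed stand-in.
"""
import re

# Protections a MUA can apply. Modeled as a set: "encrypt,sign" and
# "sign,encrypt" request the same two operations; the order in which they
# are applied is a separate decision, not a different security level.
KNOWN_OPS = frozenset({"sign", "encrypt"})

# Constructed stand-in for "is this address on a keyserver?" (assumption).
KEYSERVER = frozenset({"alice@example.org", "bob@example.org"})

_PREF_RE = re.compile(r"\s*preference\s*=\s*([A-Za-z,\s]+?)\s*$")


def header_ops(header_value):
    """Parse a `preference=` header value into the set of requested operations.

    `insecure`, unknown tokens and malformed values contribute nothing.
    Because the header travels unprotected, anything it says can only ever
    add protection; an injected `preference=insecure` therefore has no effect.
    """
    m = _PREF_RE.fullmatch(header_value or "")
    if not m:
        return frozenset()
    requested = {tok.strip().lower() for tok in m.group(1).split(",")}
    return frozenset(requested & KNOWN_OPS)


def baseline_ops(recipient, keyserver=KEYSERVER):
    """MUA default from the thread: sign if the recipient has a published key,
    otherwise send an unprotected message."""
    if recipient.strip().lower() in keyserver:
        return frozenset({"sign"})
    return frozenset()


def effective_ops(recipient, header_value=None, keyserver=KEYSERVER):
    """Operations the MUA will actually apply: the union of its own baseline
    and whatever the header asks for. The header can raise, never lower."""
    return baseline_ops(recipient, keyserver) | header_ops(header_value)


def describe(ops):
    """Human-readable form of an operation set, for logging or a UI hint."""
    if not ops:
        return "unprotected"
    return "+".join(sorted(ops))


if __name__ == "__main__":
    cases = [
        ("alice@example.org", None),                     # key on server, no header
        ("alice@example.org", "preference=insecure"),    # injected downgrade attempt
        ("list@example.org", None),                      # no key, no header
        ("list@example.org", "preference=insecure"),     # list asking for clean mail
        ("bob@example.org", "preference=encrypt,sign"),  # header raising the bar
        ("bob@example.org", "preference=sign, encrypt"), # same request, other order
    ]
    for rcpt, hdr in cases:
        print(f"{rcpt:20} {str(hdr):30} -> {describe(effective_ops(rcpt, hdr))}")
```

Note that a requested `encrypt` still needs a public key for the recipient; this function only decides policy, and the sending code must obtain the key (or refuse to send) before it can honour that request.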