ietf-openpgp

Re: "The OpenPGP mail and news header" extension

2005-08-14 09:34:14

Jeroen Massar wrote:
On Sun, 2005-08-14 at 16:52 +0100, Ben Laurie wrote:

Jeroen Massar wrote:

On Sun, 2005-08-14 at 16:30 +0100, Ben Laurie wrote:


Jeroen Massar wrote:


On Sun, 2005-08-14 at 14:24 +0100, Ben Laurie wrote:



Jeroen Massar wrote:

<SNIP>

* sign(encrypt(message))

<SNIP>

More importantly, perhaps, Krawczyk has shown that, in general, sign then encrypt is insecure.


Which exact paper do you mean?

http://eprint.iacr.org/2001/045


Which nicely says, already in the abstract btw, "Thus, while we show the
generic security of SSL to be broken, the current standard
implementations of the protocol that use the above modes of encryption
are safe."

Sure. What does this have to do with OpenPGP's security?


psst... it was you bringing up that argument about the paper ;)

Indeed - the result is general. The fact that SSL is secure gives no comfort for OpenPGP.

--
>>>ApacheCon Europe<<<                   http://www.apachecon.com/

http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff