On Sun, 2005-08-14 at 16:52 +0100, Ben Laurie wrote:
Jeroen Massar wrote:
On Sun, 2005-08-14 at 16:30 +0100, Ben Laurie wrote:
Jeroen Massar wrote:
On Sun, 2005-08-14 at 14:24 +0100, Ben Laurie wrote:
Jeroen Massar wrote:
<SNIP>
* sign(encrypt(message))
<SNIP>
More importantly, perhaps, Krawczyk has shown that, in general, sign
then encrypt is insecure.
Which exact paper do you mean?
http://eprint.iacr.org/2001/045
Which nicely says, already in the abstract btw, "Thus, while we show the
generic security of SSL to be broken, the current standard
implementations of the protocol that use the above modes of encryption
are safe."
Sure. What does this have to do with OpenPGP's security?
psst... it was you bringing up that argument about the paper ;)
Greets,
Jeroen
signature.asc
Description: This is a digitally signed message part