comments, anyone?
On 03/07/13 00:22, Ximin Luo wrote:
To openpgp(_at_)ietf(_dot_)org,
As per [1] and [2], sign-then-encrypt is only really secure as long as you do
it on *all* the information that forms the message, some of which might be
external to the message data itself. Crucially, this includes the recipient.
What's the current status of this in the PGP/MIME standard? Is it still a
problem? I notice that email subject headers are in a similar situation, and
users have complained about it.[3] The problem of unencrypted/unauthenticated
recipient is less obvious, so I haven't seen user complaints, but potentially
it is more serious.
Although not explicitly mentioned in the previous citations, these are
conceptually the same problem - i.e. you are only executing sign-then-encrypt
on *part* of the data that should be secured. So, I believe that it's possible
to work towards a single clean solution that fixes both problems.
(Sorry if this has been asked before already, or if the problem has already
been fixed; I did check the list archives but couldn't find anything on a
quick
scan, nor a quick session of web searching.)
X
[1]
http://crypto.stackexchange.com/questions/5458/should-we-sign-then-encrypt-or-encrypt-then-sign
[2] http://world.std.com/~dtd/sign_encrypt/sign_encrypt7.html#CITEpgp
[3] http://www.mozilla-enigmail.org/forum/viewtopic.php?f=9&t=328
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
--
GPG: 4096R/5FBBDBCE
https://github.com/infinity0
https://bitbucket.org/infinity0
https://launchpad.net/~infinity0
signature.asc
Description: OpenPGP digital signature
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp