Hey folks,
dkg and I have been discussing an "Intended Recipient Fingerprint"
subpacket, that pins a signature to be valid only in an encrypted
context to the indicated recipient.
Use of this subpacket removes some wiggling room for signed+encrypted
messages. This can be used to prevent replay attacks, where a signature
is taken out of its context and forwarded to a different recipient.
Please see https://0xacab.org/schleuder/schleuder/issues/158 for a
complete description of an attack scenario in the context of the
Schleuder remailer. The given scenario is solved with this subpacket on
the openpgp layer.
Diff attached for rfc4880bis, please comment.
- V
intended-recipient.patch
Description: Text Data
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp