Re: PGP security models, was Summary of IETF LC for draft-ietf-dane-openpgpkey

2015-09-24 07:41:32
Simon Josefsson wrote:
> Tony Finch <dot(_at_)dotat(_dot_)at> writes:
>> The user should notice this since their encrypted mail will appear to come
>> from their mail provider not from the sender. (PGP signature doesn't
>> match 822 From:)
>
> Not really -- OpenPGP does not reveal anything about the identity of the
> encrypting entity.  If the mail provider signed the email, it would be
> noticeable, but there is no requirement to sign encrypted emails.

This can be solved by having the sender also sign the key used to encrypt
the e-mail. No idea how much work it is to add this.

