On Mon, 2 May 1994, Stephen D Crocker wrote:
Not a bad idea. We've done some work on the dual: encrypt everything
headed out as it passes the gateway. It's interesting to see the
variations that develop from different assumptions about whether the
local or external environment is more hazardous.
It's also interesting to note that a high school may be very hesitant to
install a package which will encrypt all of the student's messages so the
teachers can't tell if the students are simply chatting, or swapping
assignment solutions. :-) Six in one hand, half a dozen in the other.
I don't think there's any inherent conflict. The agent which encrypts
can choose not to sign it. If it signs the message, it should say
it's the incoming gateway. Our implementation of MIME-PEM will have a
mode for retaining annotating the decrypted, signature-verified
message with the names of the relevant parties. The annotations will
distinguish between unsigned messages and signed messages so as to
prevent possible spoofs.
Sounds pretty much what I wanted. My question was mainly intended to see
if there is a documented way to automatically identify any locally-added
privacy/signature enveloping so that when a message is saved, forwarded,
etc, the extra stuff is removed, and the original message is used instead.
It's a question of knowing when to stop so that remotely-added enveloping
is not removed unless the user really wants it removed.
Cheers,
Rhys.