Recipient inconstistence: flaw in OpenPGP

Thomas Roessler roessler@does-not-exist.org
Fri Aug 17 11:27:02 2001


--r5Pyd7+fXNt84Ff3
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On 2001-08-17 08:58:41 +0200, Disastry@saiknes.lv wrote:


>there is no way for recipient to be sure that the same message was=20
>sent/encrypted to other recipients or not anyway.
[...]
>I think this in flaw in OpenPGP. It could be solved by adding some=20
>special Recipients packet into encrypted message part.
Against what attack are you trying to defend, precisely? Of course, you could make sure that a recipient list is included=20 with the encryption envelope, is signed, and is thereby protected=20 from alteration in transit. However, this certainly won't prevent the sender(!) from adding fake=20 recipients to this list. There is no way you can ensure on the=20 OpenPGP layer that a message was indeed sent to a set of recipients=20 indicated inside that message. In order to prove this, you'd need=20 signed receipt confirmations. --=20 Thomas Roessler http://log.does-not-exist.org/ --r5Pyd7+fXNt84Ff3 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) iQEVAwUBO3ziodImKUTOasbBAQIX0Qf/cRfKPRWmOfPcaxJWYw3U12Br90o2Cm1/ 0FbjvKMCZBP14Yg6tzHm9R9U+C9omuqhdeWJw0LXpTEkkoytLKvpJGftNqrqGnUo D5StrLYp8htO9/npWk8wsD73Elyptc8UDdKg/5F89TzNgmPSMEpozA/bMdfm+QT5 YLRpmYHO7+yQqeSEDHCWtyOEeAScKusCyWiWdUUbZz5W14q50QyPF1yvuDtmRzEQ g8x6woGloqqPvxJm+PdmIwLGIgBG6lkVVGNTWR9gaBWuJwX9GzL3rVECXhcUcjvJ qbFrhbmUSDQSP/OETv74kE88kVDiyFGQitKbVxqLCbnx4PFZWm6PXQ== =OcPN -----END PGP SIGNATURE----- --r5Pyd7+fXNt84Ff3--