Recipient inconstistence: flaw in OpenPGP
Thomas Roessler
roessler@does-not-exist.org
Fri Aug 17 11:27:02 2001
--r5Pyd7+fXNt84Ff3
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On 2001-08-17 08:58:41 +0200, Disastry@saiknes.lv wrote:
>there is no way for recipient to be sure that the same message was=20
>sent/encrypted to other recipients or not anyway.
[...]
>I think this in flaw in OpenPGP. It could be solved by adding some=20
>special Recipients packet into encrypted message part.
Against what attack are you trying to defend, precisely?
Of course, you could make sure that a recipient list is included=20
with the encryption envelope, is signed, and is thereby protected=20
from alteration in transit.
However, this certainly won't prevent the sender(!) from adding fake=20
recipients to this list. There is no way you can ensure on the=20
OpenPGP layer that a message was indeed sent to a set of recipients=20
indicated inside that message. In order to prove this, you'd need=20
signed receipt confirmations.
--=20
Thomas Roessler http://log.does-not-exist.org/
--r5Pyd7+fXNt84Ff3
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
iQEVAwUBO3ziodImKUTOasbBAQIX0Qf/cRfKPRWmOfPcaxJWYw3U12Br90o2Cm1/
0FbjvKMCZBP14Yg6tzHm9R9U+C9omuqhdeWJw0LXpTEkkoytLKvpJGftNqrqGnUo
D5StrLYp8htO9/npWk8wsD73Elyptc8UDdKg/5F89TzNgmPSMEpozA/bMdfm+QT5
YLRpmYHO7+yQqeSEDHCWtyOEeAScKusCyWiWdUUbZz5W14q50QyPF1yvuDtmRzEQ
g8x6woGloqqPvxJm+PdmIwLGIgBG6lkVVGNTWR9gaBWuJwX9GzL3rVECXhcUcjvJ
qbFrhbmUSDQSP/OETv74kE88kVDiyFGQitKbVxqLCbnx4PFZWm6PXQ==
=OcPN
-----END PGP SIGNATURE-----
--r5Pyd7+fXNt84Ff3--