Recipient inconstistence: flaw in OpenPGP

Thomas Roessler roessler at
Fri Aug 17 12:27:02 CEST 2001

On 2001-08-17 08:58:41 +0200, Disastry at wrote:

>there is no way for recipient to be sure that the same message was 
>sent/encrypted to other recipients or not anyway.


>I think this in flaw in OpenPGP. It could be solved by adding some 
>special Recipients packet into encrypted message part.

Against what attack are you trying to defend, precisely?

Of course, you could make sure that a recipient list is included 
with the encryption envelope, is signed, and is thereby protected 
from alteration in transit.

However, this certainly won't prevent the sender(!) from adding fake 
recipients to this list.  There is no way you can ensure on the 
OpenPGP layer that a message was indeed sent to a set of recipients 
indicated inside that message.  In order to prove this, you'd need 
signed receipt confirmations.

Thomas Roessler              
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 492 bytes
Desc: not available
Url : /pipermail/attachments/20010817/c702c1a6/attachment.bin

More information about the Gnupg-devel mailing list