secure sign & encrypt

Adrian 'Dagurashibanipal' von Bidder avbidder@fortytwo.ch
Wed May 22 09:50:02 2002 

--=-Z8G8Y2477TfMVHktYfb7
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Tue, 2002-05-21 at 18:32, Robert J. Hansen wrote:
> > not be the case. The open question is basically if the user should be
> > educated that the software does not work the way they think (hard, I
> > think), or if the software should be modified to match the users
> > (reasonable, imho) expectations.
>=20
> "To every sociological problem there exists a technological solution whic=
h=20
> is cheap, easy, and wrong."
>=20

Why do locks exist, then? The existence of thieves is a purely
sociological problem, after all, and so one should not try to solve it
with technological means.

I agree it'd be breaking (I'd call it extending, but call it what you
want). But I argue that it's just automating a task the user presently
has to do manually.

Currently, to get secure, authenticated end-to-end encryption with gpg,
the sender has to sign/encrypt/sign, which presently requires at least 2
gpg invocations, and the recipient has to manually verify that the inner
and the outer signature match.=20

What I propose does basically just automate this task. It might do so by
literally sign/encrypt/sign, or by encrypt/sign[intended ecryption
keys|msg] (cf my proposal) - it's not the issue which of the two is
happening, though I believe the latter to be more elegant.=20

And I want to stress again that having an end-to-end encrypted channel
is imho a fairly basic requirement of a cryptosystem and is what the
average user is probably expecting to have if he is at the receiving end
of an encrypted channel.

cheers
-- vbi

--=20
secure email with gpg                 avbidder@fortytwo.ch: key id
0x92082481
                                      avbidder@acter.ch:    key id
0x5E4B731F


--=-Z8G8Y2477TfMVHktYfb7
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQA8604Bwj49sl5Lcx8RAtmNAJ0fYD5r7s1hlNj5Ve5QMuQHDrCpxgCfetUz
px4yEN6v/VMxgFItAF31nrU=
=q7bS
-----END PGP SIGNATURE-----

--=-Z8G8Y2477TfMVHktYfb7--