secure sign & encrypt

Adrian 'Dagurashibanipal' von Bidder avbidder at
Fri May 17 18:16:01 CEST 2002


After having read the paper refernced in the ongoing 'signing &
encrypting' thread on gpg-users

I feel that these flaws are quite serious, as non-experts (like me)
almost automatically assume end-to-end security if they receive
encrypted mail. I'm not on this list very long, so I didn't get previous
discussions of this (are theare *searchable* archives?)

How about this extension of the openPGP standard:

the signature (openpgp-)packet of a signed & encrypted msg includes an
additional (signed!!!) subpacket of the new type 'intended encryption
key'. when gpg is told to verify a message and finds such a subpacket,
it prints an error message if 
 - the message is not encrypted
 - the message is encrypted, but not with the intended key.
conventional signed & encrypted msgs produce a warning along the lines
of 'it can not be asserted that this message was encrypted by the
original sender. See <URL> for more information'.

(Of course, more than one 'intended encryption key' subpackets must be

Yes, this is not rfc - but I got the impression that the gpg people are
not against extending the standard if there are valid reasons (cf.
picture id)

And while I'm at it (though this is tangential here, I know):

extension to the OpenPGP-MIME RFC 3156: Add the To:, From: and Subject:
headers of the mail to the (signed) MIME headers of multipart/signed
msgs and bug the mailreader people to verify the mail headers with

-- vbi

secure email with gpg                 avbidder at key id
                                      avbidder at    key id

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: This is a digitally signed message part
Url : /pipermail/attachments/20020517/657bb840/attachment.bin

More information about the Gnupg-devel mailing list