secure sign & encrypt

[Adrian 'Dagurashibanipal' von Bidder]

Yo!

After having read the paper refernced in the ongoing 'signing &
encrypting' thread on gpg-users

http://world.std.com/~dtd/sign_encrypt/sign_encrypt7.html

I feel that these flaws are quite serious, as non-experts (like me)
almost automatically assume end-to-end security if they receive
encrypted mail. I'm not on this list very long, so I didn't get previous
discussions of this (are theare *searchable* archives?)

How about this extension of the openPGP standard:

the signature (openpgp-)packet of a signed & encrypted msg includes an
additional (signed!!!) subpacket of the new type 'intended encryption
key'. when gpg is told to verify a message and finds such a subpacket,
it prints an error message if 
 - the message is not encrypted
 - the message is encrypted, but not with the intended key.
conventional signed & encrypted msgs produce a warning along the lines
of 'it can not be asserted that this message was encrypted by the
original sender. See <URL> for more information'.

(Of course, more than one 'intended encryption key' subpackets must be
allowed)

Yes, this is not rfc - but I got the impression that the gpg people are
not against extending the standard if there are valid reasons (cf.
picture id)


And while I'm at it (though this is tangential here, I know):

extension to the OpenPGP-MIME RFC 3156: Add the To:, From: and Subject:
headers of the mail to the (signed) MIME headers of multipart/signed
msgs and bug the mailreader people to verify the mail headers with
these.



comments?
-- vbi


-- 
secure email with gpg                 avbidder at fortytwo.ch: key id
0x92082481
                                      avbidder at acter.ch:    key id
0x5E4B731F

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: This is a digitally signed message part
Url : /pipermail/attachments/20020517/657bb840/attachment.bin