secure sign & encrypt

Adrian 'Dagurashibanipal' von Bidder avbidder at
Fri May 24 10:33:02 CEST 2002

On Thu, 2002-05-23 at 16:29, Robert J. Hansen wrote:
> > In the end it all boils down that people (or, at least I) automatically
> > put different meanings to a message, depending on the source of the

> proposed fix does not fix the protocol--the protocol's not broken--it just 
> makes the protocol come into line with how you think the protocol Ought To 
> Be.

Agree with you here - and I feel that to many users not willing to study
the protocol in depth 'my' variant of the protocol is closer to what
people expect if they use a crypto solution.

> Perhaps signatures would work better.. that they contain information
> to who that particular message was sent. Perhaps the message itself ;)

I thought about the 'intended recipient' thing, analogous to my
'intended encryption key', but for non-encrypted messages. Clearly this
cannot be solved by gpg - how should it know the destination of the
message? However, MUAs could copy the To: header (and Subject:, too?)
into the signed area of the mail (MIME-Headers?), and use these infos
when displaying signed mail. (But as there are many more MUAs than
OpenPGP implementations, this proposal has an even smaller chance of
ever getting implemented)

As all points have probably been made (repeatedly - yes, I'm the guilty
one here) it's probably ok if this is EOT here before the discussion becomes
endless (or we could always move over to de.alt.gruppenkasper).
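
The To:/Subject: copying proposed in the message above, sketched as an added example that is not part of the original post: the sending MUA places both headers inside the signed area, and the receiving MUA compares them with the delivered headers before display. Assumptions: an HMAC stands in for the OpenPGP signature so the code runs offline, and the `X-Demo-Signature` header, the key and all addresses are constructed for illustration.

```python
import copy
import hashlib
import hmac
from email import message_from_string
from email.message import EmailMessage

PROTECTED = ("To", "Subject")       # headers the MUA copies into the signed area
DEMO_KEY = b"constructed-demo-key"  # constructed; stands in for the signer's key


def sign(data: bytes) -> str:
    # Stand-in for an OpenPGP signature: HMAC keeps the example offline.
    return hmac.new(DEMO_KEY, data, hashlib.sha256).hexdigest()


def compose(to: str, subject: str, body: str) -> EmailMessage:
    """Sending MUA: prepend To:/Subject: to the body and sign the result."""
    signed_area = f"To: {to}\nSubject: {subject}\n\n{body.rstrip()}\n"
    msg = EmailMessage()
    msg["To"], msg["Subject"] = to, subject
    msg["X-Demo-Signature"] = sign(signed_area.encode())  # hypothetical header
    msg.set_content(signed_area)
    return msg


def redirect(msg: EmailMessage, new_to: str) -> EmailMessage:
    """Constructed scenario: same signed body, delivered under another To:."""
    resent = copy.deepcopy(msg)
    resent.replace_header("To", new_to)
    return resent


def display_check(msg: EmailMessage) -> list:
    """Receiving MUA: verify, then compare outer headers to the signed copy."""
    signed_area = msg.get_content()
    expected = sign(signed_area.encode())
    if not hmac.compare_digest(expected, str(msg["X-Demo-Signature"])):
        return ["BAD SIGNATURE"]
    inner = message_from_string(signed_area)
    return [
        f"{h}: signed as {inner[h]!r}, delivered as {str(msg[h])!r}"
        for h in PROTECTED
        if (inner[h] or "").strip() != str(msg[h] or "").strip()
    ]
```

The signature still verifies on the redirected copy; only the comparison against the signed header copy exposes the change of recipient.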

