Format of signed-and-encrypted documents

John Arundel john@splange.freeserve.co.uk
Tue Jul 3 13:53:01 2001



On Mon, Jul 02, 2001 at 03:25:16PM -0600, Kurt Fitzner wrote:

> The reasoning is that if you are encrypting something, you may not want the
> world to know who it's from.

Further, "In electronic correspondence... signing before encrypting is a
prudent practice. Not only is it more secure - an adversary can't remove a
signature from an encrypted message and add his own - but there are legal
considerations: if the text to be signed is not visible to the signer when
he affixes his signature, then the signature may have little legal force.
And there are some cryptanalytic attacks against this technique with RSA
signatures." (Bruce Schneier, 'Applied Cryptography')

John

--
"I've had a perfectly wonderful evening. But this wasn't it." - Groucho Marx
____________________________________________________________________________
I prefer encrypted mail (see headers for PGP key)
Why encrypt? http://www.heureka.clara.net/sunrise/pgpwhy.htm
____________________________________________________________________________