Format of signed-and-encrypted documents
John Arundel
john@splange.freeserve.co.uk
Tue Jul 3 13:53:01 2001
--FL5UXtIhxfXey3p5
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
On Mon, Jul 02, 2001 at 03:25:16PM -0600, Kurt Fitzner wrote:
> The reasoning is that if you are encrypting something, you may not
want the
> world to know who it's from.
Further,
"In electronic correspondence... signing before encrypting is a prudent
practice. Not only is it more secure - an adversary can't remove a
signature from an excrypted message and add his own - but there are legal
considerations: if the text to be signed is not visible to the signer
when he affixes his signature, then the signature may have little legal
force. And there some cryptanalytic attacks against this technique with
RSA signatures."
(Bruce Schneier, 'Applied Cryptography')
John
--
"I've had a perfectly wonderful evening. But this wasn't it." - Groucho Marx
____________________________________________________________________________
I prefer encrypted mail (see headers for PGP key)
Why encrypt? http://www.heureka.clara.net/sunrise/pgpwhy.htm
____________________________________________________________________________
--FL5UXtIhxfXey3p5
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iEYEARECAAYFAjtBsYgACgkQw69+kJpgH/ThjgCfQlpy8YqF+ucurkHxu2F60UYz
gYsAn3EyJX03bEdaFkGs8NdcPibgi/z8
=Wh3t
-----END PGP SIGNATURE-----
--FL5UXtIhxfXey3p5--