GPG support in Mahogany

Xavier Nodet
Tue Dec 10 18:39:17 2002

On Sun, 8 Dec 2002 20:07:31 +0100 "Janusz A. Urbanowiz" <> wrote:

> On Tue, Dec 10, 2002 at 05:21:01PM +0100, Xavier Nodet wrote:
>> Of course, the originator is no more hidden, but this is not
>> necessarily bad.

> It is bad on the grounds of OpenPGP default threat model.

Could you point me to some document that describes this threat model,
please? I know I have much more to read than I already did.

> My question is: what do you want to prove (or prevent) with  the
> sign-encrypt-sign model? What do you do with messages that look like you
> aren't the designated recipient, or worse you are visibly not their
> designated recipient. Throw away them for they are invalid?

Warn the user. I, as a developper of a mail client, do not want to
decide anything. But I do want to provide some information when it is

And please remember that I'm only considering the decrypt/verify
process. My objective is not at all to setup a way to send some
encrypted information, but to receive it in such a way that a user will
be warned when this is needed.

>> I'm speaking about the destinator decrypting first, then re-encrypting
>> for a third person.

> You want to detect it, prevent it, prove it or what?

I want to detect it.

I want to provide as much information as possible to the user, who is
not necessarily a crypto-expert. And I am just beginning to use GPG for
myself, just enough to understand that doing cryptography the right way
is not necessarily easy.

Maybe I am completely off here. Maybe the sign-and-encrypt feature of
GPG is fundamentally different than first signing, then encrypting. I'd
be glad to learn that.

> (your approach looks a lot similar to one 'PGP vulnerability' that
> gets widly announced every two years or so).

Do you consider <>
to be part of those 'wildly announces'?

Xavier Nodet
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety." - Benjamin Franklin, 1759.