signing & encrypting

David T-G
Fri May 17 14:55:08 2002

Aurelio --

...and then Aurelio Turco said...
% Werner Koch wrote:
% >
% > The problem with S(E(m)) is that it reveals information about the
% > sender/signer whereas E(S(m)) does only tell you who is the recipient
% Please forgive my ignorance in the matter, but,
% if E(m) is vulnerable to tampering, why isn't E(S(m))?

Don't think of it as tampering; think of it instead as interception.  A
message "m" has been signed with someone's key "S", so you know that S
wrote the message.  Since it's been encrypted with key "E", you know that
it's to you.  What you don't know, however, is whether it was S who sent
it to you or someone else who bundled up S's signed message and encrypted
and sent it to you.

In the example given in Don Davis' paper, Alice signs a short and simple
message that says "the deal is off" and sends it to Bob.  Bob is ticked
off and so he re-encrypts the signed message with Charlie's key, knowing
that Charlie is vying for the position that Bob just lost, and sends the
note on to Charlie with some clever header forgery.  Now Charlie has
received a message that only he can open that has been signed by Alice,
so he thinks the deal is off and goes and shoots himself.

% I understand why S(E(m)) isn't, but with E(S(m)),
% it is not obvious to me at all.

Yes, the original message is preserved (or so I understand; I don't know
enough about the theory to know if Davis said that a message could be
fabricated that encrypted to the same thing so that Alice, seeing a copy
of what Charlie gets, cannot refute that she didn't send the completely
different message that Bob put in), but part of the necessary security
is ensuring the intended path.

% Any help would be much appreciated.


% Cheers.
% Aurelio.

David T-G                      * It's easier to fight for one's principles
(play) * than to live up to them. -- fortune cookie
(work)    Shpx gur Pbzzhavpngvbaf Qrprapl Npg!
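
Added example, not part of the original post and not GnuPG code: a Python sketch of the Alice/Bob/Charlie scenario above, showing that a valid signature inside E(S(m)) tells the recipient nothing about who the message was meant for unless the signed text itself names the recipient. The toy textbook-RSA key, the dict standing in for the encryption layer, and all function names are assumptions made for illustration; naming the recipient inside the signed body is a check added here, not one the post describes.

```python
import hashlib, json

# Toy textbook-RSA key for Alice (constructed from two Mersenne primes; NOT secure).
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # Alice's private exponent

def _digest(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def sign(data):
    """S(m): Alice's signature over exactly the bytes she wrote."""
    return pow(_digest(data), D, N)

def verify(data, sig):
    return pow(sig, E, N) == _digest(data)

def encrypt_to(recipient, signed):
    """Stand-in for E() (assumption): anyone can wrap a blob for any recipient."""
    return {"to": recipient, "inner": json.dumps(signed)}

def alice_send(recipient, text, bind_recipient):
    body = {"text": text}
    if bind_recipient:
        body["to"] = recipient  # recipient named inside the signed text
    raw = json.dumps(body, sort_keys=True)
    return encrypt_to(recipient, {"body": raw, "sig": sign(raw.encode())})

def forward(envelope, new_recipient):
    """The re-wrapping from the post: S(m) is untouched, only the outer layer changes."""
    return encrypt_to(new_recipient, json.loads(envelope["inner"]))

def receive(me, envelope):
    """Recipient-side check: signature first, then who the signed text is addressed to."""
    signed = json.loads(envelope["inner"])
    if not verify(signed["body"].encode(), signed["sig"]):
        return "bad-signature"
    named = json.loads(signed["body"]).get("to")
    if named is None:
        return "unbound"  # valid signature, but no statement of the intended recipient
    return "ok" if named == me else "not-addressed-to-me"

if __name__ == "__main__":
    for bind in (False, True):
        direct = alice_send("Bob", "the deal is off", bind)
        print(bind, receive("Bob", direct), receive("Charlie", forward(direct, "Charlie")))
```

Without the binding, Bob's direct copy and Charlie's forwarded copy produce the same result, which is the ambiguity described above; with it, Charlie's copy is flagged as not addressed to him.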