signing & encrypting

Len Sassaman rabbi@quickie.net
Fri May 17 23:22:02 2002


On Fri, 17 May 2002, Aurelio Turco wrote:

> Ryan Malayter wrote:
> >
> > The best security comes from using sign/encrypt/sign. See:
> >
> > http://world.std.com/~dtd/sign_encrypt/sign_encrypt7.html
>
> Thanks for the reference. I found it a great help.
>
> However, the author does not mention GnuPG.

For the purpose of this paper, PGP = GnuPG.

Note, however, that this paper is not very impressive. I commented on this
on the Cryptography list when it was first published, so I am not going to
repeat my arguments again in detail -- the long and short of it was that
Davis is arguing that developers should be using technology to solve a
user-interaction problem. This just won't work.

(FWIW, I believe he misses the fact that OpenPGP includes timestamps in
its signatures, also.)
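
The timestamp mentioned in the parenthetical above is the creation time carried in an OpenPGP signature packet. As an added illustration (not part of the original message), this Python code reads that field from a v3 or v4 signature packet body laid out as in RFC 4880, using only the hashed subpacket area for v4 because the unhashed area is not covered by the signature. The sample bodies are constructed, with a dummy key ID and MPI, and all function and variable names are hypothetical.

```python
import struct
SIG_CREATION_TIME = 2  # subpacket type, RFC 4880 section 5.2.3.4

def subpackets(area):
    """Yield (type, data) pairs from a v4 subpacket area."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:                      # one-octet length
            length, i = first, i + 1
        elif first < 255:                    # two-octet length
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:                                # 0xFF, then four-octet length
            length, i = struct.unpack(">I", area[i + 1:i + 5])[0], i + 5
        if length < 1 or i + length > len(area):
            raise ValueError("malformed subpacket")
        yield area[i] & 0x7F, area[i + 1:i + length]  # drop the critical bit
        i += length

def signature_creation_time(body):
    """Return the signed creation time (Unix seconds), or None if not signed."""
    try:
        if body[0] == 3:                     # v3: fixed 4-octet field
            if body[1] != 5:
                raise ValueError("bad v3 hashed-material length")
            return struct.unpack(">I", body[3:7])[0]
        if body[0] == 4:                     # v4: look in hashed subpackets
            (hashed_len,) = struct.unpack(">H", body[4:6])
            hashed = body[6:6 + hashed_len]
            if len(hashed) != hashed_len:
                raise ValueError("truncated hashed area")
            for kind, data in subpackets(hashed):  # unhashed area is ignored
                if kind == SIG_CREATION_TIME and len(data) == 4:
                    return struct.unpack(">I", data)[0]
            return None
    except (IndexError, struct.error) as exc:
        raise ValueError("truncated signature packet") from exc
    raise ValueError("unsupported signature version")

# Constructed sample bodies (not real signatures): dummy key ID and MPI.
TIME_SUB = b"\x05\x02" + struct.pack(">I", 1000000000)  # len 5, type 2, time
ISSUER_SUB = b"\x09\x10" + b"\xAA" * 8                  # len 9, type 16, key ID
TAIL = b"\x12\x34" + b"\x00\x01\x01"                    # hash prefix + 1-bit MPI
def v4_body(hashed, unhashed):
    areas = b"".join(struct.pack(">H", len(a)) + a for a in (hashed, unhashed))
    return b"\x04\x00\x01\x08" + areas + TAIL           # v4, binary, RSA, SHA-256
SIGNED_TIME = v4_body(TIME_SUB, ISSUER_SUB)
UNSIGNED_TIME = v4_body(b"", TIME_SUB + ISSUER_SUB)     # time outside signed area
V3 = b"\x03\x05\x00" + TIME_SUB[2:] + b"\xAA" * 8 + b"\x01\x02" + TAIL
```

`UNSIGNED_TIME` yields `None` because a creation-time subpacket placed in the unhashed area can be altered without invalidating the signature.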