signing & encrypting

Ryan Malayter rmalayter@bai.org
Mon May 20 18:44:02 2002


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

From: Leigh S. Jones, KR6X [mailto:kr6x@kr6x.com]
>It may not be important to know who encrypted
>and sent the message because we trust the signature.

I agree, it may not be important, and E(S(m)) is fine for almost
every situation. But S/E/S might be desired, especially if the signed
message is ambiguous about its intended recipient or context.

>Would you sign an encrypted message unseen?
I'm sure a lot of executive types would, at least in the physical world.
Secretary says, "sign this", and they usually just do it. They trust
the secretary in order to save time. In the digital world, it is much
easier for someone to pose as a trusted secretary.

	-ryan-

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6-2 (MingW32) - WinPT 0.5.7
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjzpJ08ACgkQ9wZiZHyXot4ITwCgtQHhNifR1ObhzYiWNL6170i6
bgoAn0AXjzfmvgOWIN8LKBFXCUNRaM/s
=thDl
-----END PGP SIGNATURE-----