sign and encrypt

David Shaw dshaw at jabberwocky.com
Mon Jun 5 23:57:14 CEST 2006


On Mon, Jun 05, 2006 at 11:41:01PM +0200, mkontakt at gmail.com wrote:
> I have seen in the spec rfc3156 that a message should be signed and
> then encrypted, but hypothetically if send a message to someone I do
> not like and sign it and then encrypt it he/she can forward it to
> someone else pretending that the message was originally from my self.
> Is there anything I have missed in spec or in gnupg to forbid this?

This isn't a rfc3156 (PGP/MIME) or GPG issue.  The recipient can
forward anything he likes and there is no way to prevent him.

If you want to make it not useful for him to forward, stick something
like "I sent this to so-and-so" in the signed message.

David



More information about the Gnupg-users mailing list