sign and encrypt

[Chris De Young]

mkontakt at gmail.com wrote:
> I have seen in the spec rfc3156 that a message should be signed and
> then encrypted, but hypothetically if send a message to someone I do
> not like and sign it and then encrypt it he/she can forward it to
> someone else pretending that the message was originally from my self.

I assume you mean forward the decrypted version, with the signature
intact, since the encrypted version would only be readable by the
intended recipient.

Yes, this could happen, but it doesn't seem like a very big problem.
The deception doesn't work if anything in the message itself indicates
who the intended recipient is ("Hey Mike, [...]").

Signing after encryption exposes more information about the message,
which I think is the main reason it's discouraged.  The encrypted
version is already tamper-proof, since any alteration will break the
decryption.

-C

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 254 bytes
Desc: OpenPGP digital signature
Url : /pipermail/attachments/20060605/e7288a1f/signature-0001.pgp