Signature semantics
vedaal at hush.com
Tue Nov 4 17:19:17 CET 2008
>Date: Mon, 3 Nov 2008 16:47:01 -0500
>From: David Shaw <dshaw at jabberwocky.com>
>Subject: Signature semantics (was Re: Anyone know what became of the
> Gaim-E Project?)
>To: gnupg-users at gnupg.org
>Message-ID: <20081103214701.GD17229 at jabberwocky.com>
>
>One lesson that can be learned from this is that the signed portion of
>a message should contain sufficient context so that the message
>cannot be repurposed in this fashion.
one of the ways to protect Alice (or any unwary sender)
is to have a feature to do exactly that,
that if a message is sent signed and encrypted,
to have gnupg prompt the following:

gpg: you have chosen to sign and encrypt your message
gpg: would you like to have gnupg add a line to the plaintext
before the signature, saying "this message is encrypted to
<keyname>" ? y/n
gpg: you have chosen n
gpg: your signed and encrypted message can be separated and
re-encrypted to another key with its signature intact
gpg: really choose n ? y/n

this way,
if Alice started her message with,
" Hi Baker!"
she can ignore the option,
but if she were unaware of it,
she could opt for adding the line,
and the re-encryption attack would be defeated by having the
original recipient verified by the signature
yes,
i know it's a 'change to the plaintext'
but it's a change where the user is asked for permission beforehand,
and can always choose to deny gnupg to do so
not meant to be an 'open-pgp feature request'
just a
'courtesy gnupg request'
(no reason that gnupg can't be 'better' than what open-pgp
requires,
as long as gnupg is 'compatible')
vedaal
any ads or links below this message are added by hushmail without
my endorsement or awareness of the nature of the link
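
The recipient-side effect of the proposed line, as an added example that is not part of the original message and is not GnuPG code: a toy model in which the encryption layer is a plain envelope and the signature is textbook RSA with constructed, insecure parameters. The names "baker" and "charlie", the helper functions and the result strings are assumptions made for the illustration.

```python
import hashlib

# Toy RSA signing key for "Alice" (constructed; small Mersenne primes, NOT secure).
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))

BIND = "this message is encrypted to "  # wording taken from the proposed prompt


def _digest(text):
    return int.from_bytes(hashlib.sha256(text.encode()).digest(), "big") % N


def sign(text):
    """Alice signs the plaintext; returns the (text, signature) pair."""
    return text, pow(_digest(text), D, N)


def encrypt(signed, recipient):
    """Stand-in for public-key encryption: only `recipient` may open it."""
    return {"to": recipient, "inner": signed}


def sign_and_encrypt(body, recipient, bind):
    """With bind=True the recipient line becomes part of the signed text."""
    text = f"{BIND}{recipient}\n{body}" if bind else body
    return encrypt(sign(text), recipient)


def reencrypt(envelope, me, new_recipient):
    """The original recipient strips the encryption and keeps the signature."""
    assert envelope["to"] == me
    return encrypt(envelope["inner"], new_recipient)


def receive(envelope, me):
    """Decrypt as `me`, verify Alice's signature, then check the signed recipient."""
    if envelope["to"] != me:
        raise PermissionError("not encrypted to this key")
    text, sig = envelope["inner"]
    if pow(sig, E, N) != _digest(text):
        return "BAD SIGNATURE"
    first = text.split("\n", 1)[0]
    if not first.startswith(BIND):
        return "valid signature, recipient unverified"
    named = first[len(BIND):]
    if named == me:
        return "valid signature, addressed to me"
    return f"valid signature, but addressed to {named}"
```

Without the line, a re-encrypted copy verifies exactly like the original; with it, the mismatch is visible to the second recipient, and editing the line breaks the signature.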