Signature semantics

vedaal at hush.com
Tue Nov 4 17:19:17 CET 2008


>Date: Mon, 3 Nov 2008 16:47:01 -0500
>From: David Shaw <dshaw at jabberwocky.com>
>Subject: Signature semantics (was Re: Anyone know what became of the Gaim-E Project?)
>To: gnupg-users at gnupg.org
>Message-ID: <20081103214701.GD17229 at jabberwocky.com>


>One lesson that can be learned from this is that the signed portion of
>a message should contain sufficient context so that the message
>cannot be repurposed in this fashion.


one of the ways to protect Alice (or any unwary sender)
is to have a feature to do exactly that,

that if a message is sent signed and encrypted,
to have gnupg prompt the following:

gpg: you have chosen to sign and encrypt your message
gpg: would you like to have gnupg add a line to the plaintext before the signature, saying "this message is encrypted to <keyname>" ?  y/n
gpg: you have chosen  n
gpg: your signed and encrypted message can be separated and re-encrypted to another key with its signature intact
gpg: really choose n ? y/n


this way,
if Alice started her message with,
" Hi Baker!"
she can ignore the option,

but if she were unaware of it,
she could opt for adding the line,
and the re-encryption attack would be defeated by having the 
original recipient verified by the signature

yes,
i know it's a 'change to the plaintext'

but it's a change where the user is asked for permission beforehand,
and can always choose to deny gnupg to do so

not meant to be an 'open-pgp feature request'
just a 
'courtesy gnupg request'

(no reason that gnupg can't be 'better' than what open-pgp requires,
as long as gnupg is 'compatible')


vedaal

any ads or links below this message are added by hushmail without 
my endorsement or awareness of the nature of the link
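
The recipient line proposed above, seen from the receiving side, as an added example that is not part of the original message or of GnuPG: the line is signed together with the body, and the receiver compares the named key with the keys it decrypts with. HMAC-SHA256 stands in for the OpenPGP signature, and the function names, key and addresses are constructed for illustration.

```python
import hashlib
import hmac

# Wording taken from the prompt proposed in the message above.
PREFIX = "this message is encrypted to "


def standin_sig(signing_key: bytes, text: str) -> bytes:
    # Assumption: HMAC-SHA256 stands in for Alice's OpenPGP signature so the
    # example runs with the standard library only.
    return hmac.new(signing_key, text.encode("utf-8"), hashlib.sha256).digest()


def sign_for(recipient: str, body: str, signing_key: bytes):
    """Prepend the recipient line, then sign the line and the body together."""
    signed_text = f"{PREFIX}{recipient}\n{body}"
    return signed_text, standin_sig(signing_key, signed_text)


def check_received(signed_text: str, sig: bytes, signing_key: bytes, my_key_names):
    """Receiver-side check, run on the plaintext after decryption.

    my_key_names: names of the keys this receiver decrypts with.
    """
    if not hmac.compare_digest(standin_sig(signing_key, signed_text), sig):
        return "bad-signature"
    first_line = signed_text.split("\n", 1)[0]
    if not first_line.startswith(PREFIX):
        # The signature is valid but says nothing about the intended recipient.
        return "no-recipient-line"
    named = first_line[len(PREFIX):].strip().lower()
    mine = {name.strip().lower() for name in my_key_names}
    return "ok" if named in mine else "wrong-recipient"


if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed sample value
    text, sig = sign_for("bob@example.org", "I agree to the terms.", key)
    # The intended recipient, then a third party who was handed the same
    # signed plaintext under a new encryption layer.
    print(check_received(text, sig, key, ["bob@example.org"]))
    print(check_received(text, sig, key, ["charlie@example.org"]))
```

Editing the recipient line after signing invalidates the signature, so the named key cannot be swapped to match a new encryption layer.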
