Signature semantics

vedaal at vedaal at
Tue Nov 4 17:19:17 CET 2008

>Date: Mon, 3 Nov 2008 16:47:01 -0500
>From: David Shaw <dshaw at>
>Subject: Signature semantics (was Re: Anyone know what became of Gaim-E Project?)
>To: gnupg-users at
>Message-ID: <20081103214701.GD17229 at>

>One lesson that can be learned from this is that the signed portion of
>a message should contain sufficient context so that the message
>cannot be repurposed in this fashion.

one of the ways to protect Alice (or any unwary sender)
is to have a feature to do exactly that,

that if a message is sent signed and encrypted,
to have gnupg prompt the following:

gpg: you have chosen to sign and encrypt your message
gpg: would you like to have gnupg add a line to the plaintext before the signature, saying "this message is encrypted to <keyname>" ?  y/n
gpg: you have chosen n
gpg: your signed and encrypted message can be separated and re-encrypted to another key with its signature intact
gpg: really choose n ? y/n

this way,
if Alice started her message with,
" Hi Baker!"
she can ignore the option,

but if she were unaware of it,
she could opt for adding the line,
and the re-encryption attack would be defeated by having the 
original recipient verified by the signature

i know it's a 'change to the plaintext'

but it's a change where the user is asked for permission beforehand,
and can always choose to deny gnupg to do so

not meant to be an 'open-pgp feature request'
just a 
'courtesy gnupg request'

(no reason that gnupg can't be 'better' than what open-pgp' 
as long as gnupg is 'compatible')


any ads or links below this message are added by hushmail without 
my endorsement or awareness of the nature of the link
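
An added example, not part of the original post and not GnuPG code: a receiver-side check for the recipient line proposed above. It assumes `<keyname>` is a key fingerprint, that gpg has already verified the signature over the text passed in, and that the function names and sample fingerprints are hypothetical.

```python
import re

# Line wording taken from the prompt proposed in the post; treating <keyname>
# as a key fingerprint is an assumption of this example.
BINDING_RE = re.compile(r"^this message is encrypted to (.+)$", re.IGNORECASE)


def _norm(keyname: str) -> str:
    """Compare fingerprints without regard to spacing or letter case."""
    return "".join(keyname.split()).upper()


def add_recipient_line(body: str, keyname: str) -> str:
    """Sender side: prepend the binding line before the text is signed."""
    if not keyname.strip() or "\n" in keyname or "\r" in keyname:
        raise ValueError("keyname must be a single non-empty line")
    return f"this message is encrypted to {keyname.strip()}\n\n{body}"


def check_recipient_binding(signed_text: str, decrypting_key: str) -> str:
    """Receiver side. signed_text must be exactly the text a good signature
    covers (verification itself is left to gpg).

    Returns "ok", "mismatch" (encrypted to someone else, then re-encrypted),
    or "unbound" (no line, so the signature says nothing about the recipient).
    """
    lines = signed_text.splitlines()
    # Only the first line counts: the same words further down may be quoted
    # text from an earlier message, not the sender's statement.
    match = BINDING_RE.match(lines[0].strip()) if lines else None
    if match is None:
        return "unbound"
    return "ok" if _norm(match.group(1)) == _norm(decrypting_key) else "mismatch"


# Constructed sample values, not real keys.
BOB = "B0B0 0000 0000 0001"
CHARLIE = "C4A2 0000 0000 0002"
signed = add_recipient_line("Hi, the deal is off.", BOB)
```

A result of "unbound" is the case the proposed second prompt warns about: the signature is valid but carries no statement of who the message was encrypted to.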
