What is the benefit of signing an encrypted email

David Shaw dshaw at jabberwocky.com
Wed Jan 12 06:52:59 CET 2011

On Jan 11, 2011, at 3:09 PM, Nicholas Cole wrote:

> On Tue, Jan 11, 2011 at 12:19 PM,  <dan at geer.org> wrote:
>> If one is a purist, then one wants sign>encrypt>sign
>> See http://world.std.com/~dtd/#sign_encrypt
> That is a really interesting paper.  Did the OpenPGP protocol ever
> include a fix for the attack they describe?

No.  It was generally felt that this was more of an attack on the user of crypto, rather than on the crypto itself.

See this thread from when the paper was first published: http://www.mail-archive.com/cryptography@wasabisystems.com/msg00259.html

And especially: http://www.mail-archive.com/cryptography@wasabisystems.com/msg00261.html


More information about the Gnupg-users mailing list