What is the benefit of signing an encrypted email
David Shaw
dshaw at jabberwocky.com
Wed Jan 12 06:52:59 CET 2011
On Jan 11, 2011, at 3:09 PM, Nicholas Cole wrote:
> On Tue, Jan 11, 2011 at 12:19 PM, <dan at geer.org> wrote:
>>
>> If one is a purist, then one wants sign>encrypt>sign
>>
>> See http://world.std.com/~dtd/#sign_encrypt
>
> That is a really interesting paper. Did the OpenPGP protocol ever
> include a fix for the attack they describe?
No. It was generally felt that this was more of an attack on the user of crypto, rather than on the crypto itself.
See this thread from when the paper was first published: http://www.mail-archive.com/cryptography@wasabisystems.com/msg00259.html
And especially: http://www.mail-archive.com/cryptography@wasabisystems.com/msg00261.html
David
More information about the Gnupg-users
mailing list