What is the benefit of signing an encrypted email

Nicholas Cole nicholas.cole at gmail.com
Wed Jan 12 11:01:17 CET 2011

On Wed, Jan 12, 2011 at 5:52 AM, David Shaw <dshaw at jabberwocky.com> wrote:
> On Jan 11, 2011, at 3:09 PM, Nicholas Cole wrote:
>> On Tue, Jan 11, 2011 at 12:19 PM,  <dan at geer.org> wrote:
>>> If one is a purist, then one wants sign>encrypt>sign
>>> See http://world.std.com/~dtd/#sign_encrypt
>> That is a really interesting paper.  Did the OpenPGP protocol ever
>> include a fix for the attack they describe?
> No.  It was generally felt that this was more of an attack on the user of crypto, rather than on the crypto itself.
> See this thread from when the paper was first published: http://www.mail-archive.com/cryptography@wasabisystems.com/msg00259.html

That thread is clearly right about the bulk of the paper, which is
clearly an attack on the user of the crypto.  Signing ambiguous
messages is not a good idea!   But what about the suggestion they made
in section 1.2 about not signing crypt texts?  Am I right that openpgp
always encrypts signed text, rather than signing encrypted text, and
so is not vulnerable at all?

Best wishes,


More information about the Gnupg-users mailing list