What is the benefit of signing an encrypted email
nicholas.cole at gmail.com
Wed Jan 12 11:01:17 CET 2011
On Wed, Jan 12, 2011 at 5:52 AM, David Shaw <dshaw at jabberwocky.com> wrote:
> On Jan 11, 2011, at 3:09 PM, Nicholas Cole wrote:
>> On Tue, Jan 11, 2011 at 12:19 PM, <dan at geer.org> wrote:
>>> If one is a purist, then one wants sign>encrypt>sign
>>> See http://world.std.com/~dtd/#sign_encrypt
>> That is a really interesting paper. Did the OpenPGP protocol ever
>> include a fix for the attack they describe?
> No. It was generally felt that this was more of an attack on the user of crypto, rather than on the crypto itself.
> See this thread from when the paper was first published: http://firstname.lastname@example.org/msg00259.html
That thread is clearly right about the bulk of the paper, which is
clearly an attack on the user of the crypto. Signing ambiguous
messages is not a good idea! But what about the suggestion they made
in section 1.2 about not signing crypt texts? Am I right that openpgp
always encrypts signed text, rather than signing encrypted text, and
so is not vulnerable at all?
More information about the Gnupg-users