What is the benefit of signing an encrypted email
Nicholas Cole
nicholas.cole at gmail.com
Wed Jan 12 11:01:17 CET 2011
On Wed, Jan 12, 2011 at 5:52 AM, David Shaw <dshaw at jabberwocky.com> wrote:
> On Jan 11, 2011, at 3:09 PM, Nicholas Cole wrote:
>
>> On Tue, Jan 11, 2011 at 12:19 PM, <dan at geer.org> wrote:
>>>
>>> If one is a purist, then one wants sign>encrypt>sign
>>>
>>> See http://world.std.com/~dtd/#sign_encrypt
>>
>> That is a really interesting paper. Did the OpenPGP protocol ever
>> include a fix for the attack they describe?
>
> No. It was generally felt that this was more of an attack on the user of crypto, rather than on the crypto itself.
>
> See this thread from when the paper was first published: http://www.mail-archive.com/cryptography@wasabisystems.com/msg00259.html
That thread is clearly right about the bulk of the paper, which is
clearly an attack on the user of the crypto. Signing ambiguous
messages is not a good idea! But what about the suggestion they made
in section 1.2 about not signing crypt texts? Am I right that openpgp
always encrypts signed text, rather than signing encrypted text, and
so is not vulnerable at all?
Best wishes,
Nicholas
More information about the Gnupg-users
mailing list