sign encrypted emails

Daniel Kahn Gillmor dkg at fifthhorseman.net
Sat Jan 4 01:31:29 CET 2014


On 01/03/2014 06:56 PM, Leo Gaspard wrote:
> On Fri, Jan 03, 2014 at 12:50:47PM -0500, Daniel Kahn Gillmor wrote:
>> On 01/03/2014 08:12 AM, Leo Gaspard wrote:
>>> So changing the encryption could break an opsec.
>>
>> If someone's opsec is based on the question of whether a message was
>> encrypted or not, then they've probably got their cart before their
>> horse too.
>>
>> opsec requirements should indicate whether you encrypt, not the other
>> way around.
> 
> Well... So, where is the flaw in my example? This example was designed so that,
> depending on the level of encryption (and so the "importance" of the safety of
> the message according to the sender), the message had different meanings.

As you've noticed, the sender cannot verifiably communicate their intent
by their choice of encryption key.  If the sender wants to communicate
their intent in a way that the recipient can verify it, they'll need to
sign something.

In your example, the fact that a message was encrypted makes the
recipient treat it as though the sender had indicated something specific
about the message because it was encrypted.  This is bad policy, since
there is no indication that the sender encrypted the message themselves,
or even knew that the message was encrypted.

	--dkg

