sign encrypted emails
Johannes Zarl
johannes at zarl.at
Sat Jan 4 22:28:26 CET 2014
On Saturday 04 January 2014 16:09:51 Leo Gaspard wrote:
> On Fri, Jan 03, 2014 at 07:31:29PM -0500, Daniel Kahn Gillmor wrote:
> > In your example, the fact that a message was encrypted makes the
> > recipient treat it as though the sender had indicated something specific
> > about the message because it was encrypted. This is bad policy, since
> > there is no indication that the sender encrypted the message themselves,
> > or even knew that the message was encrypted.
>
> Which is exactly the reason for which Hauke proposed to sign the encrypted
> message in addition to signing the cleartext message, is it not?

Wouldn't one have to encrypt the signed-encrypted-signed message again to
prevent an attacker from stripping away the outer signature? What would the
recipient then do with the simple signed-encrypted message?

> Sure, there might be other ways: add a message stating to which key the
> message is encrypted, etc. But this one has the advantage of requiring
> AFAICT no alteration to the standard, and of being easily automated, for
> humans are quite poor at remembering to always state to which key they
> encrypt.
>
> Anyway, wouldn't you react differently depending on whether a message was
> encrypted to your offline key or unencrypted?

One should certainly not act differently depending on the encryption of a
message. Maybe with the one exception of timeliness: If a message is
encrypted, you'll probably be ok with me reading the mail when I'm at my home
computer. If a message is encrypted to my offline key, you'll be prepared to
wait for a month or so (many people have their offline-key in a safe deposit
box).

Of course this opens the way to subtle timing attacks (delaying reading a message
until it is no longer relevant), but these subtle attacks can be done using
simpler means (holding the message in transit).

Cheers,
Johannes