
Re: A weakness in PGP signatures, and a suggested solution (long)



In article <Pine.ULT.3.91.960110182255.18692H-100000@xdm011>, Jeffrey Goldberg <[email protected]> says:

{SNIP}
>I have omitted the other scenarios for reasons of space.  All of
>them are based on the fact that information about the intended
>recipient (including newsgroup) is not part of the information signed.
>
>A proposal is made for a mechanism to have some header information
>signed as well.
>
{SUPER-SNIP}
First of all, if the recipient is a newsgroup, why would that particular
information need to be part of the signed information?  If you post to a
newsgroup a message that is only signed (as opposed to encrypted also), 
then you are obviously not worried about who reads it.  The signature is 
only a method of proving that the important text (message) is unchanged and
intact, and that the person who it is supposed to be from is the same who 
signed it.

Secondly, if you are sending email to someone and sign it using pgp, wouldn't
that person need pgp to prove that in fact you did sign it?  Then it can be
reasonable that if that person has pgp to prove the signature, that person has
pgp to decrypt mail sent to them.  Simply sign your message and encrypt it
using that person's public key.  All of this (from what I remember reading)
is in the pgp manual, and is one of the key methods for using public key 
encryption.

So if all that needs be done to a message to ensure that the appropriate
person reads it is encrypt it using their public key, why does pgp (or one
of the pgp interfaces) need to be changed to include header information?  
I think it just includes more well already.  "If it ain't broke, don't fix
it."

"That's all Ah've got to say about that."
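
The mechanism proposed in the quoted text (signing selected header fields together with the body), as an added example that is not part of this post or of PGP itself. A toy textbook-RSA key stands in for a PGP key, and the header set, canonical form, addresses and message are assumptions constructed for illustration.

```python
import hashlib

# Toy textbook-RSA key from two known Mersenne primes (constructed; far too
# small and unpadded for real use, it only stands in for a PGP signing key).
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))

BOUND_HEADERS = ("From", "To", "Newsgroups")  # assumed set of headers to bind

def _digest(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def canonical(headers: dict, body: str, bind: bool) -> bytes:
    """Bytes covered by the signature: body only, or bound headers + body."""
    parts = []
    if bind:
        for name in BOUND_HEADERS:
            parts.append(f"{name.lower()}:{headers.get(name, '').strip()}\n")
    parts.append("\n" + body)
    return "".join(parts).encode()

def sign(headers: dict, body: str, bind: bool) -> int:
    return pow(_digest(canonical(headers, body, bind)), D, N)

def verify(headers: dict, body: str, sig: int, bind: bool) -> bool:
    return pow(sig, E, N) == _digest(canonical(headers, body, bind))

def demo() -> dict:
    # Constructed sample: the same signed body seen under two sets of headers.
    original = {"From": "alice@example.org", "To": "bob@example.org", "Newsgroups": ""}
    reposted = {"From": "alice@example.org", "To": "", "Newsgroups": "alt.test"}
    body = "I agree to the terms we discussed.\n"
    body_only = sign(original, body, bind=False)
    with_hdrs = sign(original, body, bind=True)
    return {
        "body_only_original": verify(original, body, body_only, bind=False),
        "body_only_reposted": verify(reposted, body, body_only, bind=False),
        "bound_original": verify(original, body, with_hdrs, bind=True),
        "bound_reposted": verify(reposted, body, with_hdrs, bind=True),
    }

if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```

A verifier that binds headers has to rebuild the canonical form from the headers it actually received, so any transport that rewrites those fields will make verification fail.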