[149210] in cryptography@c2.net mail archive


Re: [Cryptography] Does PGP use sign-then-encrypt or

daemon@ATHENA.MIT.EDU (Alexandre Anzala-Yamajako)
Wed Jan 22 18:54:07 2014

X-Original-To: cryptography@metzdowd.com
In-Reply-To: <CACJAJ58wpQyKXQEgT2PqERFbafFuQeccyvgEvwpOKh-VVfCQ-w@mail.gmail.com>
From: Alexandre Anzala-Yamajako <anzalaya@gmail.com>
Date: Thu, 23 Jan 2014 00:05:31 +0100
To: Steve Weis <steveweis@gmail.com>
Cc: Cryptography <cryptography@metzdowd.com>,
	Ralf Senderek <crypto@senderek.ie>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com

> I think signing ciphertexts is generally a best practice, and
> certainly not a "mortal sin".

In the public key world, signing ciphertexts not only reveals the identity
of the sender but also allows relay attacks where a guy intercepts a signed
message, strips it of its signature and replaces it with his own.
Depending on the protocol, it can be a problem.
I think the encrypt-sign-encrypt solution solves both of those problems.
-- 
Alexandre Anzala-Yamajako

_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
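Added example, not part of the original post or thread: the encrypt-sign-encrypt layering mentioned above, sketched with Node's built-in crypto module next to the detached-signature case the post describes. The hybrid `seal`/`open` scheme, all function names and the `bid: 100` message are assumptions constructed for illustration.

```javascript
const crypto = require('crypto');

// Toy hybrid encryption (constructed): 44-byte X25519 SPKI | 16-byte GCM tag | body; zero IV is fine, keys are single-use.
const deriveKey = (privateKey, publicKey) =>
  crypto.createHash('sha256').update(crypto.diffieHellman({ privateKey, publicKey })).digest();

function seal(toPub, msg) {
  const eph = crypto.generateKeyPairSync('x25519');
  const enc = crypto.createCipheriv('aes-256-gcm', deriveKey(eph.privateKey, toPub), Buffer.alloc(12));
  const body = Buffer.concat([enc.update(msg), enc.final()]);
  return Buffer.concat([eph.publicKey.export({ type: 'spki', format: 'der' }), enc.getAuthTag(), body]);
}

function open(priv, ct) {
  try {
    const eph = crypto.createPublicKey({ key: ct.subarray(0, 44), type: 'spki', format: 'der' });
    const dec = crypto.createDecipheriv('aes-256-gcm', deriveKey(priv, eph), Buffer.alloc(12), { authTagLength: 16 });
    dec.setAuthTag(ct.subarray(44, 60));
    return Buffer.concat([dec.update(ct.subarray(60)), dec.final()]);
  } catch {
    return null; // malformed input or failed authentication
  }
}

// Encrypt-sign-encrypt: the Ed25519 signature over the inner ciphertext travels inside a second encryption layer.
function sealESE(signKey, toPub, msg) {
  const inner = seal(toPub, msg);
  return seal(toPub, Buffer.concat([crypto.sign(null, inner, signKey), inner]));
}

// Releases the plaintext only if the hidden signature verifies under expectedSender.
function openESE(priv, expectedSender, wire) {
  const signed = open(priv, wire);
  if (!signed || signed.length < 64) return null;
  const ok = crypto.verify(null, signed.subarray(64), expectedSender, signed.subarray(0, 64));
  return ok ? open(priv, signed.subarray(64)) : null;
}

function demo() {
  const bob = crypto.generateKeyPairSync('x25519');
  const alice = crypto.generateKeyPairSync('ed25519');
  const other = crypto.generateKeyPairSync('ed25519'); // any third party with a signing key
  const c = seal(bob.publicKey, Buffer.from('bid: 100')); // encrypt-then-sign sends c plus a detached signature
  const wire = sealESE(alice.privateKey, bob.publicKey, Buffer.from('bid: 100'));
  return {
    resignedVerifies: crypto.verify(null, c, other.publicKey, crypto.sign(null, c, other.privateKey)),
    eseFromAlice: openESE(bob.privateKey, alice.publicKey, wire)?.toString(),
    eseUnderOtherKey: openESE(bob.privateKey, other.publicKey, wire),
  };
}
console.log(demo());
```

`resignedVerifies` is true because a signature over a ciphertext can be produced by anyone who holds the ciphertext, without knowing the plaintext; in the layered form the signature is not visible on the wire and the recipient checks it against the sender it expects.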