[149223] in cryptography@c2.net mail archive
Re: [Cryptography] Does PGP use sign-then-encrypt or
daemon@ATHENA.MIT.EDU (Peter Todd)
Sun Jan 26 16:41:49 2014
X-Original-To: cryptography@metzdowd.com
Date: Sun, 26 Jan 2014 16:39:14 -0500
From: Peter Todd <pete@petertodd.org>
To: "James A. Donald" <jamesd@echeque.com>
In-Reply-To: <52E440BE.9030805@echeque.com>
Cc: cryptography@metzdowd.com
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
--===============9158621651777074145==
Content-Type: multipart/signed; micalg=pgp-sha256;
protocol="application/pgp-signature"; boundary="HlL+5n6rz5pIUxbD"
Content-Disposition: inline
--HlL+5n6rz5pIUxbD
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Sun, Jan 26, 2014 at 08:54:54AM +1000, James A. Donald wrote:
> On 2014-01-26 03:05, Yuriy Kaminskiy wrote:
> >Does not work with *more than two participants* (Alice, Bob and Charlie =
know
> >shared secret and thus can generate and validate MAC; who was author of =
message,
> >Alice or Charlie?).
>=20
> If small number of participants sharing encrypted messages, they
> trust each other. They are worried about messages being altered by
> outsiders.
>=20
> If one of their shared messages leaks, the fact that outsiders
> cannot tell which of them originated it is a feature, not a bug.
In some usage scenarios it is, in others it is not.
I personally have made use of sign-then-encrypt by signing a
confidential security audit, encrypting it to the client, and telling
them how they can use the --override-session-key feature of GPG to later
release my report after the client had fixed the issues.
It's often the case that while confidentiality - encryption - is
important should the messages be leaked for whatever reason
non-repudiation is also important. In short, sometimes messages being
altered by insiders matters too.
--=20
'peter'[:-1]@petertodd.org
0000000000000000685ad208a55a5a97d9c789773ed6cba98a2159136528ae6b
--HlL+5n6rz5pIUxbD
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQGrBAEBCACVBQJS5YCBXhSAAAAAABUAQGJsb2NraGFzaEBiaXRjb2luLm9yZzAw
MDAwMDAwMDAwMDAwMDA2ODVhZDIwOGE1NWE1YTk3ZDljNzg5NzczZWQ2Y2JhOThh
MjE1OTEzNjUyOGFlNmIvFIAAAAAAFQARcGthLWFkZHJlc3NAZ251cGcub3JncGV0
ZUBwZXRlcnRvZC5vcmcACgkQJIFAPaXwkfsh3Af/QPU01YAinW/zmlkPY6O2EY6a
Ka4ckzaORQQp0ugjs1wQuk0goljJE8TiJP4QXfddC8VQrgqlufk7ufmR6VpUNTWH
jKdxe94NeZH6wWgwRaQQWHHgeDNo4/xE83/W2dnhxMqERbMeyxkWAjhGQaHHVwg0
OOJEt4XHAlOrFk+LJjj0USroPK3HFwxMtZgZepO9zUp9MKwpdyUmQhekNZ7tMzTZ
Lbjoa6nULG/KDugnW+PMzQK4By/wmSbI91gY1pCinERhIHDs34dOuCBj2iRlgEsm
ajnlaRS+bcbyr3RhDXQYeoyqZd0D4XY5o2ScIa2XzIYNObEVGkaQ5FhDLF8Lgg==
=q7X0
-----END PGP SIGNATURE-----
--HlL+5n6rz5pIUxbD--
--===============9158621651777074145==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
--===============9158621651777074145==--
