[8174] in cryptography@c2.net mail archive
Re: Is PGP broken?
daemon@ATHENA.MIT.EDU (L. Sassaman)
Sun Dec 3 20:03:00 2000
Date: Sun, 3 Dec 2000 15:50:51 -0800 (PST)
From: "L. Sassaman" <rabbi@quickie.net>
To: Enzo Michelangeli <em@who.net>
Cc: Ralf Senderek <ralf@senderek.de>, <cryptography@c2.net>
In-Reply-To: <004d01c05d82$98e12f00$3000a8c0@fechk.local>
Message-ID: <Pine.LNX.4.30.QNWS.0012031542260.9884-100000@thetis.deor.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
This has nothing to do with encryption...
I think what Ralf was refering to was the unsigned vs. unsigned signature
subpackets. He's not suggesting any changes to OpenPGP, radical or not.
Though, as I pointed out to Ralf in private email, subpacket 16 should be
permitted outside of the signature. Other than that, I can see no packet
that needs to be placed outside the signature, and agree with Ralf that
they should be disallowed. (If someone has a reason why any of the others
would need to be in the unsigned area, please let me know.)
But I think this discussion is getting a little too specific for this
list.
- --Len.
On Mon, 4 Dec 2000, Enzo Michelangeli wrote:
> Wouldn't using sinature as outermost layer favout traffic analysis? I would
> prefer to use encryption for that, possibly in a stego-able way.
>
> And, if we are ready to make radical changes, it would be nice to have a
> cryptosystem without any secret keyring, like Pegwit: what doesn't exist
> can't be stolen. I suppose that any discrete-log algorithm would be eligible
> (not only ECC).
>
> Enzo
>
> ----- Original Message -----
> From: "Ralf Senderek" <ralf@senderek.de>
> To: "L. Sassaman" <rabbi@quickie.net>
> Cc: <cryptography@c2.net>
> Sent: Sunday, December 03, 2000 7:54 PM
> Subject: Re: Is PGP broken?
>
>
> > -----BEGIN PGP SIGNED MESSAGE-----
> >
> > "L. Sassaman" <rabbi@quickie.net> wrote:
> >
> > > Shameless plug: Ben Laurie and I were discussing this exact topic
> earlier
> > > this month. I'm going to England next month to sit down and hash out
> > > exactly what we want to do, but we would like to add OpenPGP features to
> > > OpenSSL. [...] I think the benefits of having an
> > > Apache-style licensed OpenPGP toolkit are obvious.
> >
> > This is a grand idea and I hope you will receive widespread support.
> > But I would like to ask you to do me (and others) the favour to interprete
> > the RFC-2440 (OpenPGP-Standard) in a way that the number of unsigned
> > packets in signatures is definitely zero. This would be the way one
> > would think of a signature in the non-digital world anyway.
> >
> > Good luck,
> >
> > Ralf
> >
> >
> *.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*
> > * Ralf Senderek <ralf@senderek.de> * What is privacy
> *
> > * http://senderek.de * without
> *
> > * Tel.: 02432-3960 Sandstr. 60 D-41849 Wassenberg * PGP-2.6.3i?
> *
> >
> *.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: 2.6.3ia
> > Charset: noconv
> >
> > iQCVAwUBOio0KSmc/oJTgiNJAQGWjgQAle2fU2syOy/NzHSN8IcUQ0Xi5zZbc9sx
> > ca2rhOyRnm2TWehdRnt0vzHHl/cOsyOtlGc8407aYiHY0d2wsmbO7/TYumNRW7PO
> > CJu9PJKIF5nMKVr2HeAJi2g/0jrJI9h1GIewP6rmKURCLzKhhu9FribILAp88OxO
> > CDFLSWCdzZg=
> > =qCZ+
> > -----END PGP SIGNATURE-----
> >
> >
>
__
L. Sassaman
Security Architect | "The world's gone crazy,
Technology Consultant | and it makes no sense..."
|
http://sion.quickie.net | --Sting
-----BEGIN PGP SIGNATURE-----
Comment: OpenPGP Encrypted Email Preferred.
iD8DBQE6KtxkPYrxsgmsCmoRAprpAJ9pRaAcKGPrblgzlJpIDfhbIFfLOgCfdPQ3
15dmTDeYUxrzOstOeskUSks=
=upWU
-----END PGP SIGNATURE-----
