Joe Smith unknown_kev_cat at hotmail.com wrote on Wed Jun 7 21:08:05 CEST 2006 :
> Encrypt and then sign does not have this problem, > unless the other person is willing to sacrifice > his/her private key. > To avoid leaking information via the signature > Encrypt-sign-encrypt could work. no the receiver could simply post the message and the session keys, it also doesn't protect against surreptious forwarding, the receiver can decrypt the outer layer, and leave the inner encrypted layer, with the signature intact, and re-encrypt to any toher key and send it along vedaal Concerned about your privacy? Instantly send FREE secure email, no account required http://www.hushmail.com/send?l=480 Get the best prices on SSL certificates from Hushmail https://www.hushssl.com?l=485 _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
