Am Fr 03.01.2014, 01:13:13 schrieb Doug Barton: > On 01/03/2014 12:59 AM, Hauke Laging wrote: > | Do you agree that it is (or, depending on the content, can be) an > | important information whether a message was encrypted by the sender > | (and for which key)? > > Not particularly, no. The message doesn't get encrypted using the > sender's key, although it may be encrypted to the sender's key, along > with the recipient's.
That's not what I am talking about. I am talking about the recipient having keys with different security levels. So there are keys I (insecure) and S (secure). By insecure I mean a key like the one which signs this email: Being used on a normal system (i.e. an insecure one; oh no, in a moment Rob will notice that I used "secure" and "insecure" again...). If data is so important that it shall not be encrypted for my key I but for my key S only then I want to be sure that it has been encrypted by the sender for S. That the message which arrives at me is encrypted for S does not ensure this. Anyone can encrypt messages for my key. > What advantage does it give to the attacker to encrypt a message via > MITM? As I said: If a normal user (i.e. one with nearly no security clue at all) starts an email conversation without encryption (or with weak encryption) and I notice that (because the message arrives unchanged) then I will tell the sender to change his behaviour. He will probably to that and the communication becomes secure. It is in the interest of an adversary to prevent the communication from becoming secure. > The likely outcome of doing so would be to reveal that they are > intercepting messages, In my opinion it is very unlikely that this would be revealed. There are people who like to get everything encrypted and those who prefer to get only important data encrypted. Every serious adversary will know what type his target is. This is more or less a public information. So if somebody wants everything encrypted why should he ever ask or mention that? It is possible, yes. "Thanks for encrypting your messages." Who does that? And how many senders unfamiliar with crypto would understand from that that their message has been modified? Maybe a nice feature of their great ISP? Even worse with asking such a sender whether he has used the right recipient key. Probably he will not even understand the problem or misassess the situation. And if the recipient expects only important data to be encrypted then the adversary would encrypt only important data (which may be hard to decide automatically though but who would notice a minute delay under normal circumstances?). And why should the adversary not risk being detected? We encrypt because we assume that there are adversaries. > | How can it make little sense to provide this information? > > If the sender cares they can insert a statement in their signed > message. "I did/did not encrypt this message before sending." Problem > solved. Yes. But why should the sender care? The sender can be sure about doing it right! The recipient is the one who cannot. And why should we bother writing that in every mail if there is a simple automatic solution to it? You cannot even be sure that the information is correct! People make mistakes. > My argument is that the _only_ thing relevant to message validity is > the signature on the message itself. I do not doubt that in any way but my argument isn't about validity at all. It is about guaranteed confidentiality! That is a big difference. Hauke -- Crypto für alle: http://www.openpgp-schulungen.de/fuer/unterstuetzer/ http://userbase.kde.org/Concepts/OpenPGP_Help_Spread OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
