On Saturday 04 January 2014 16:09:51 Leo Gaspard wrote: > On Fri, Jan 03, 2014 at 07:31:29PM -0500, Daniel Kahn Gillmor wrote: > > In your example, the fact that a message was encrypted makes the > > recipient treat it as though the sender had indicated something specific > > about the message because it was encrypted. This is bad policy, since > > there is no indication that the sender encrypted the message themselves, > > or even knew that the message was encrypted. > > Which is exactly the reason for which Hauke proposed to sign the encrypted > message in addition to signing the cleartext message, is it not?
Wouldn't one have to encrypt the signed-encrypted-signed message again to prevent an attacker from stripping away the outer signature? What would the recipient then do with the simple signed-encrypted message? > Sure, there might be other ways: add a message stating to which key the > message is encrypted, etc. But this one has the advantage of requiring > AFAICT no alteration to the standard, and of being easily automated, for > humans are quite poor at remembering to always state to which key they > encrypt. > > Anyway, wouldn't you react differently depending on whether a message was > encrypted to your offline key or unencrypted? One should certainly not act differently depending on the encryption of a message. Maybe with the one exception of timeliness: If a message is encrypted, you'll probably be ok with me reading the mail when I'm at my home computer. If a message is encrypted to my offline key, you'll be prepared to wait for a month or so (many people have their offline-key in a safe deposit box). Of course this opens way to subtle timing attacks (delaying reading a message until it is no longer relevant), but these subtle attacks can be done using simpler means (holding the message in transit). Cheers, Johannes _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users