On Sat 04.01.2014, 22:28:26, Johannes Zarl wrote:
> Wouldn't one have to encrypt the signed-encrypted-signed message again
> to prevent an attacker from stripping away the outer signature? What
> would the recipient then do with the simple signed-encrypted message?

That would be possible for an attacker but would not make any sense: If the recipient expects the outer signature (only then this feature is a protection like signing is a protection only if the recipient acts differently on signed vs. non-signed messages) then the attacker is discovered without any advantage.

There is another reason for creating this fourth layer: Some people want to hide the metadata (who made the signature).

> One should certainly not act differently depending on the encryption
> of a message.

You are aware that it doesn't make any sense to make this claim without any argument after the opposite has been claimed with an argument (a very strong one)?

Hauke
-- 
Crypto for everyone: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users