On Fri, Jan 03, 2014 at 06:21:05AM -0500, Robert J. Hansen wrote:
> On 1/3/2014 4:57 AM, Hauke Laging wrote:
> > Would you explain how that shall be avoided?
>
> I already did, in quite clear language.
>
> You are trying to solve a social problem ("people don't have the
> background to think formally about trust issues") via technological
> means ("if we just change the way we sign...").
I think the need for such a fix could also be highlighted in the following
example.
I sign the message "Got to talk tomorrow at dawn", then send it to Alice,
thinking about the cake for the birthday party, not important so not encrypting
it. Bob grabs the message, and sends it encrypted to Alice's highest security
key. Alice then thinks it is a really important message, and the matters to
discuss are really important. She takes with her the top secret files we are
working together on. Bob, knowing the place and date of the meeting, then comes
and steals the top secret files.
So changing the encryption could break an opsec.
I'm not saying it would be useful everyday. But some use cases seem to require
it. However, I'm not saying this feature should be included by default, as a fix
would be easy (call gpg twice), and I can think of few use cases.
BTW, is a timestamp included in the signature? If not, it could lead to similar
issues.
Cheers,
Leo
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
