1995-09-02 - Re: O.J. ObCrypto: Fuhrman’s Folly Fans Fakery Fears…

Header Data

From: “Robert A. Rosenberg” <hal9001@panix.com>
To: Bill Stewart <stewarts@ix.netcom.com>
Message Hash: f3bf737c30b60ccde379f810016bb53319b41718f931220abaa97eb42f507514
Message ID: <v02130503ac6d34180345@[166.84.254.3]>
Reply To: N/A
UTC Datetime: 1995-09-02 04:38:08 UTC
Raw Date: Fri, 1 Sep 95 21:38:08 PDT

Raw message

From: "Robert A. Rosenberg" <hal9001@panix.com>
Date: Fri, 1 Sep 95 21:38:08 PDT
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: O.J. ObCrypto:  Fuhrman's Folly Fans Fakery Fears...
Message-ID: <v02130503ac6d34180345@[166.84.254.3]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:13 9/1/95, Bill Stewart wrote:
>>I do not think that PGP 2.x can easily (ie: Automatically) use one key for
>>Signing and another for Encrypting a Message (it does both at the same time
>>if you ask). If I "Clear Sign" a message and then Encrypt it, then I get
>>the result but I'm not sure if doing the decrypt on such a message will
>>automatically spot the signature and verify it (as would occur with a E+S
>>pass).
>
>PGP identifies the key for decryption and signature checking from the message.
>When you're signing a message or key, you can pick which of your keys to
>use with the -u option.

OK - I'll rephrase my query/quandary. If I create a message by feeding in
plain text and asking for an Encrypt and Sign is the FORMAT of the
resulting file different from one there I Sign the Text and then (in a
separate step/pass) Encrypt the Signed Message (IOW is E+S just a short cut
for the two processes done in sequence using the same key for both
operations)? If E+S is only a short-cut then doing the steps separately
will give the result that PGP3 will get automatically with its Separate
Function Keys Feature.

>The difficulty is getting people to use your
>encryption key instead of your signature key when encrypting stuff for you.
>Derek mentioned one approach (get people to load the encryption key first);
>unfortunately, you can't predict their behavior, and if you change encryption
>keys more often than signature keys, they'll load the newest encryption key
>last.
>Another approach is to identify them in the names - my key certification key
>says "KeyCert-only" in the text.
>
>For the problem that started this discussion, though, there's no good solution.
>Since the Bad Guys _can_ encrypt a message to you with your signature key,
>and send it to you by anonymous remailer, they can plant a reason to suspect
>that you may have evidence encrypted with that key.

This will all become (more) academic once PGP3 comes out and Sign-Only keys
would not be usable for Encryption.







Thread