[messaging] alternative to OpenPGP?
Trevor Perrin
trevp at trevp.net
Fri Aug 14 15:00:46 PDT 2015
On Thu, Aug 13, 2015 at 9:17 AM, Mansour Moufid <mansourmoufid at gmail.com> wrote:
> Hi everyone,
>
> Is there an alternative to the OpenPGP message format?
>
> There are three problems with OpenPGP, that I understand: metadata; [1]
> format oracles; [2] and difficulty of implementation. [3]
>
> There are many more problems
Another thing to be careful about with (PGP, S/MIME, JOSE,
XML-Security) is that it's up to you to compose public-key signing and
public-key encryption. It's not always easy to figure out whether to
sign-then-encrypt or encrypt-then-sign, and what other checks to add.
http://world.std.com/~dtd/sign_encrypt/sign_encrypt7.html
For example, even if you follow Don Davis' advice and do
sign-then-encrypt with the signature covering the recipient's name,
you probably don't get a guarantee that the sender and receiver know
the other's correct public key (maybe a different public key verifying
the signature could be cooked up with "duplicate signature key
selection", or maybe the sender encrypted to a public key that is
equivalent to the recipient's but not identical).
Not a huge deal, usually. But it would be nice if crypto protocols
like this provided simpler APIs with clearer semantics, particularly
for the common case of sending a message from keypair A to keypair B.
Trevor
More information about the Messaging
mailing list