The Call of the Open Sidewalk

From a place slightly to the side of the more popular path

User Tools

Site Tools


Surreptitious Forwarding

This is an interesting criticism of the simple way PGP deals with encryption and signing:

* Defective Sign & Encrypt in S/MIME, PKCS#7, MOSS, PEM, PGP, and XML

PGP really only does two things; encryption for privacy and signatures for authentication. It wouldn't really make sense to encrypt something first then sign it. The signature would mean something odd. It would be possible to sign something without any knowledge of the contents of the encrypted message. Normally a signature means that the signer knows what they are signing and certifies it as their own. Signing first and then encrypting the result allows that to be true and is what PGP does.

The writer of the article in question claims that PGP has a weakness because of the possibility of surreptitious forwarding. One of the examples given covers the case where you might use PGP to sign, encrypt and then send someone the message:

I love you.

That someone could then decrypt the message with signature, reencrypt it and then send it to someone else. Since it has your signature the writer suggests that that someone else would then be misinformed about your feelings toward them. This suggestion ignores the cultural context.

Email was set up to be an analogy of the preexisting and well known physical paper mail system. So we have a to and from “address”, a “subject” line, the “carbon copy” (CC), “attachments” and so on. PGP continues to follow this analogy by adding privacy (the envelope) and signatures.

The writer would have us believe that an analogy based system could be inherently confusing when it is slavishly following a well known analogy. If someone sent you a letter that contained a signed message you would immediately understand that the message might of been forwarded. A signature only indicates who a message is from. It does not have anything to do with who it is to.

The writer also implicitly suggests that someone who understood and believed in the value of cryptographic signatures could be fooled in this way. Such people must be very rare.

If we can assume that the awesome power of the signature will not actually distract from everything else:

  • The email is from you. The ultimate recipient is going to ask you about it. So you find out right away.
  • You will in most cases know exactly who did the forwarding.
  • You will normally have a copy of the message you sent.
  • The email servers will have logs showing when and where you sent the message and who forwarded it.
pgpfan/forwarding.txt · Last modified: 2021/01/20 02:39 by b.walzer