On Thu, Aug 13, 2015 at 9:17 AM, Mansour Moufid <[email protected]> wrote: > Hi everyone, > > Is there an alternative to the OpenPGP message format? > > There are three problems with OpenPGP, that I understand: metadata; [1] > format oracles; [2] and difficulty of implementation. [3] > > There are many more problems
Another thing to be careful about with (PGP, S/MIME, JOSE, XML-Security) is that it's up to you to compose public-key signing and public-key encryption. It's not always easy to figure out whether to sign-then-encrypt or encrypt-then-sign, and what other checks to add. http://world.std.com/~dtd/sign_encrypt/sign_encrypt7.html For example, even if you follow Don Davis' advice and do sign-then-encrypt with the signature covering the recipient's name, you probably don't get a guarantee that the sender and receiver know the other's correct public key (maybe a different public key verifying the signature could be cooked up with "duplicate signature key selection", or maybe the sender encrypted to a public key that is equivalent to the recipient's but not identical). Not a huge deal, usually. But it would be nice if crypto protocols like this provided simpler APIs with clearer semantics, particularly for the common case of sending a message from keypair A to keypair B. Trevor _______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
