--- Original message --- From: "Trevor Perrin" <[email protected]> Date: 17 August 2015, 23:29:36
>Bob doesn't know if he was Alice's intended recipient. >Bob just knows Alice sent the message to someone (because she signed it), and >someone encrypted it to him. >Trevor Alice can include the Bob's (recipient) identity to message before signing, then encrypt for Bob. In this case Bob was ensure that this message was composed for Bob, not for someone other. But problem is loss of deniability after Bob disclosed his privat key (or leaks occures). The fact is Alica wrote this for Bob. There are some one-pass deniable authentication schemes (for examples, nida [1]) but I dont know about this with using PGP containers. Van. [1] http://torfone.org/download/nida.pdf
_______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
