Document "Intended Recipient Fingerprint" signature subpacket
Use of this subpacket removes some wiggling room for signed+encrypted messages. This can be used to prevent replay attacks, where a signature is taken out of its context and forwarded to a different recipient.
Please see https://0xacab.org/schleuder/schleuder/issues/158 for a complete description of an attack scenario in the context of the Schleuder remailer. The given scenario is solved with this subpacket on the openpgp layer.
See Message-Id: 20180305231951.GA21944@calamity on openpgp@ietf.org (and subsequent messages in that thread) for more discussion.
This is currently implemented in at least two codebases, to the best of my understanding.
Signed-off-by: Daniel Kahn Gillmor dkg@fifthhorseman.net