
Document "Intended Recipient Fingerprint" signature subpacket

Daniel Kahn Gillmor requested to merge intended-recipient into master

Use of this subpacket removes some wiggling room for signed+encrypted messages. This can be used to prevent replay attacks, where a signature is taken out of its context and forwarded to a different recipient.

Please see https://0xacab.org/schleuder/schleuder/issues/158 for a complete description of an attack scenario in the context of the Schleuder remailer. The given scenario is solved with this subpacket on the openpgp layer.

See Message-Id: 20180305231951.GA21944@calamity on openpgp@ietf.org (and subsequent messages in that thread) for more discussion.

This is currently implemented in at least two codebases, to the best of my understanding.

Signed-off-by: Daniel Kahn Gillmor dkg@fifthhorseman.net
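The recipient check this subpacket enables on the receiving side, as an added example that is not part of the merge request or of either implementation it mentions. It assumes the subpacket type number (35) and body layout (one octet of key version, then the fingerprint) from RFC 9580; the function names, the three result strings and the sample fingerprints are constructed for illustration.

```python
import struct

INTENDED_RECIPIENT = 35  # subpacket type assigned in RFC 9580

def parse_subpackets(area: bytes):
    """Yield (type, critical, body) for each subpacket in a subpacket area."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:                      # one-octet length
            length, i = first, i + 1
        elif first < 255:                    # two-octet length
            if i + 2 > len(area):
                raise ValueError("truncated length")
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:                                # 0xFF + four-octet length
            if i + 5 > len(area):
                raise ValueError("truncated length")
            length, i = struct.unpack(">I", area[i + 1:i + 5])[0], i + 5
        if length < 1 or i + length > len(area):
            raise ValueError("truncated subpacket")
        yield area[i] & 0x7F, bool(area[i] & 0x80), area[i + 1:i + length]
        i += length

def recipient_check(hashed_area: bytes, key_version: int, fingerprint: bytes) -> str:
    """Compare the decrypting key against the signer's intended recipients.
    Pass only the hashed area: unhashed subpackets are not covered by the signature."""
    intended = set()
    for typ, _critical, body in parse_subpackets(hashed_area):
        if typ == INTENDED_RECIPIENT:
            if len(body) < 2:
                raise ValueError("malformed intended recipient subpacket")
            intended.add((body[0], body[1:]))   # (key version, fingerprint)
    if not intended:
        return "unbound"                     # signer named no recipient
    return "ok" if (key_version, fingerprint) in intended else "mismatch"

def subpacket(typ: int, body: bytes, critical: bool = False) -> bytes:
    """Encode one subpacket (short bodies only); used to build the sample below."""
    assert len(body) < 191
    return bytes([len(body) + 1, typ | (0x80 if critical else 0)]) + body

# Constructed sample: a v4 signature's hashed area naming one recipient key.
LIST_FPR = bytes.fromhex("aa" * 20)          # constructed fingerprint
OTHER_FPR = bytes.fromhex("bb" * 20)         # constructed fingerprint
AREA = subpacket(2, b"\x5a\x9d\xd4\x17") + subpacket(INTENDED_RECIPIENT, b"\x04" + LIST_FPR, True)

if __name__ == "__main__":
    print(recipient_check(AREA, 4, LIST_FPR))    # decrypted by the named key
    print(recipient_check(AREA, 4, OTHER_FPR))   # replayed to a different key
```

A receiver would run this only after the signature itself verifies, and treat "mismatch" as a failed verification; how to treat "unbound" is a local policy decision.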
