GPG PGP S/Mime vulnerability
Anthony E. Greene
Fri Aug 3 14:28:02 2001
On Fri, 3 Aug 2001, Guy Van Sanden wrote:
>I've read through Don Davis' whitepaper about the disadvanteges of the
>current sign (and encrypt) features in all common standards to do so.
>His basic reasoning (and I've tried it, it works!) is:
>I send a signed message to someone stating "you're fired". He gets
>angry and decides to get even with another collegue...
>Using SMPT he puts my address in the from header, then pastes the
>entire source of my signed message to him in the body (including the
>signatures), and sends it of to someone else...
>That last person opens a message, which he thinks comes from me, and
>trusts the contents because the signature is verified!
And if I did that to you with a paper letter, would that indicate a
problem with envelopes or the postal mail system? No. Fixing this is as
simple as identifying the recipient within the message itself... as is
typical in paper mail, but not in electronic mail.
This is not a cryptography problem, it is a human communications problem.
The author and I discussed this very thoroughly before he presented this
paper at USENIX.
Anthony E. Greene <email@example.com> <http://www.pobox.com/~agreene/>
PGP Key: 0x6C94239D/7B3D BD7D 7D91 1B44 BA26 C484 A42A 60DD 6C94 239D
Chat: AOL/Yahoo: TonyG05
Linux. The choice of a GNU Generation. <http://www.linux.org/>