GPG PGP S/Mime vulnerability

Ben . Wise bwise@collab2.sito.saic.com
Fri Aug 3 14:53:01 2001


Folks,

The solution to this is the same as with physical
signatures: do not sign ambiguous documents!

You would never sign a document saying "I sell my house to you",
you would only sign something like "I, Joe Smith, sell my
house, 123 Main St., Nowhere PA, to Jane Doe for $150,000,
effective 1/1/2001".

BTW, no one with any common sense would trust such an
ambiguous document as "You're FIRED!", even if it was 
signed. There is no evidence at all that it was addressed
to the recipient - it's just too ambiguous.

Similarly with the "I sell my house to you": no court would
even consider it - it's just too ambiguous.

With the best technology, we still need common sense
on both ends of the communication channel. 

-----Original Message-----
From: Guy Van Sanden
To: GnuPG Users
Sent: 8/3/2001 6:47 AM
Subject: GPG PGP S/Mime vulnerability

I've read through Don Davis' whitepaper about the disadvantages of the 
current sign (and encrypt) features in all common standards to do so.

His basic reasoning (and I've tried it, it works!) is:
I send a signed message to someone stating "you're fired".  He gets 
angry and decides to get even with another colleague...
Using SMTP he puts my address in the from header, then pastes the 
entire source of my signed message to him in the body (including the 
signatures), and sends it off to someone else...

That last person opens a message, which he thinks comes from me, and 
trusts the contents because the signature is verified!

More info is over here:
http://world.std.com/~dtd/sign_encrypt/sign_encrypt7.ps

Kind regards

Guy






_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
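
Added example (not part of the original thread or of Don Davis' paper): a receiver-side check showing why a signature over the body alone verifies for any recipient, and how naming the recipient inside the signed text lets the receiver catch a re-sent message. The toy textbook-RSA key, the function names, the "To:" line convention inside the signed body and the sample messages are all assumptions made up for this illustration; the key stands in for a real OpenPGP or S/MIME key and is not secure.

```python
import hashlib

# Toy textbook-RSA key built from two Mersenne primes (constructed, NOT secure).
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))

def _digest(body: str) -> int:
    return int.from_bytes(hashlib.sha256(body.encode()).digest(), "big") % N

def sign(body: str) -> int:
    """The signature covers the body text only; mail headers are not signed."""
    return pow(_digest(body), D, N)

def signature_ok(body: str, sig: int) -> bool:
    return pow(sig, E, N) == _digest(body)

def signed_recipient(body: str):
    """Address on a 'To:' line inside the signed text (hypothetical convention)."""
    for line in body.splitlines():
        if line.lower().startswith("to:"):
            return line[3:].strip().lower()
    return None

def accept(envelope_to: str, body: str, sig: int) -> str:
    """Receiver policy: valid signature AND the signed text names this recipient."""
    if not signature_ok(body, sig):
        return "reject: bad signature"
    named = signed_recipient(body)
    if named is None:
        return "warn: signed text names no recipient"
    if named != envelope_to.strip().lower():
        return "reject: signed for a different recipient"
    return "accept"

# Constructed sample messages.
AMBIGUOUS = "You're fired."
BOUND = "To: bob@example.org\nDate: 2001-08-03\nBob, you're fired."

if __name__ == "__main__":
    for body in (AMBIGUOUS, BOUND):
        sig = sign(body)
        for rcpt in ("bob@example.org", "carol@example.org"):
            print(repr(body[:20]), rcpt, "->", accept(rcpt, body, sig))
```

The ambiguous message verifies identically for both addresses, so the signature alone says nothing about who it was meant for; the bound message is accepted only by the recipient it names.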