GPG PGP S/Mime vulnerability

Florian Weimer Florian.Weimer@RUS.Uni-Stuttgart.DE
Tue Aug 7 15:39:02 2001 writes:

> I know the example 'you're fired' was very badly chosen. But
> let's say you order something by e-mail, and someone, just to
> bug you, resends your order (with a valid signature), would mean
> that you have two legally binding orders outstanding... instead
> of the one you wanted...
The documents and their signatures are identical, this can (and must) be detected by the company processing the orders, for example, by issuing unique order numbers which have to be included in orders. In fact, a similar thing is already done on paper. -- Florian Weimer Florian.Weimer@RUS.Uni-Stuttgart.DE University of Stuttgart RUS-CERT +49-711-685-5973/fax +49-711-685-5898