GPG PGP S/Mime vulnerability

[Florian Weimer]

sienix@crosswinds.net writes:

> I know the example 'you're fired' was very badly chosen.  But
> let's say you order something by e-mail, and someone, just to
> bug you, resends your order (with a valid signature), would mean
> that you have two legally binding orders outstanding... instead
> of the one you wanted...

The documents and their signatures are identical, this can (and must)
be detected by the company processing the orders, for example, by
issuing unique order numbers which have to be included in orders.

In fact, a similar thing is already done on paper.

-- 
Florian Weimer 	                  Florian.Weimer@RUS.Uni-Stuttgart.DE
University of Stuttgart           http://cert.uni-stuttgart.de/
RUS-CERT                          +49-711-685-5973/fax +49-711-685-5898