GPG PGP S/Mime vulnerability
Tue Aug 7 15:39:02 2001
> I know the example 'you're fired' was very badly chosen. But
> let's say you order something by e-mail, and someone, just to
> bug you, resends your order (with a valid signature), would mean
> that you have two legally binding orders outstanding... instead
> of the one you wanted...
The documents and their signatures are identical, this can (and must)
be detected by the company processing the orders, for example, by
issuing unique order numbers which have to be included in orders.
In fact, a similar thing is already done on paper.
Florian Weimer Florian.Weimer@RUS.Uni-Stuttgart.DE
University of Stuttgart http://cert.uni-stuttgart.de/
RUS-CERT +49-711-685-5973/fax +49-711-685-5898