GPG PGP S/Mime vulnerability
Guy Van Sanden
Tue Aug 7 16:03:01 2001
Under ideal surcomstances, yes it should.
But I've already placed orders (without signatures) in the past
via free-form e-mails. In my case, I ordered a computer.
I think that, if they make signed messages legally binding,
someone could take this signed message and resend it to another
store... I could secure myself against this by including things
like the company name in the message, but as I forgot to do so
in the past, a lot of users will to...
>> I know the example 'you're fired' was very badly chosen. But
>> let's say you order something by e-mail, and someone, just to
>> bug you, resends your order (with a valid signature), would mean
>> that you have two legally binding orders outstanding... instead
>> of the one you wanted...
>The documents and their signatures are identical, this can (and
>be detected by the company processing the orders, for example, by
>issuing unique order numbers which have to be included in orders.
>In fact, a similar thing is already done on paper.
>Florian Weimer Florian.Weimer@RUS.Uni-Stuttgart.DE
>University of Stuttgart http://cert.uni-stuttgart.de/
>Gnupg-users mailing list