GPG PGP S/Mime vulnerability

Guy Van Sanden
Tue Aug 7 16:03:01 2001

Under ideal circumstances, yes it should.
But I've already placed orders (without signatures) in the past
via free-form e-mails.  In my case, I ordered a computer.

I think that, if they make signed messages legally binding,
someone could take this signed message and resend it to another
store...  I could secure myself against this by including things
like the company name in the message, but as I forgot to do so
in the past, a lot of users will too...

> writes:
>> I know the example 'you're fired' was very badly chosen. But
>> let's say you order something by e-mail, and someone, just to
>> bug you, resends your order (with a valid signature), would mean
>> that you have two legally binding orders outstanding... instead
>> of the one you wanted...
>The documents and their signatures are identical, this can (and
>be detected by the company processing the orders, for example, by
>issuing unique order numbers which have to be included in orders.
>In fact, a similar thing is already done on paper.
>Florian Weimer Florian.Weimer@RUS.Uni-Stuttgart.DE
>University of Stuttgart
>RUS-CERT +49-711-685-5973/fax
>Gnupg-users mailing list
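
An added illustration of the two countermeasures raised in this thread (naming the recipient inside the signed text, and store-issued unique order numbers); it is not code from either poster or from GnuPG. The `OrderDesk` class, the `To` and `Order-Number` field names, and the `signature_ok` flag (standing in for the result of a real OpenPGP signature check) are assumptions made for the sketch.

```python
import hashlib
import secrets


def parse_fields(body):
    """Collect 'Key: value' lines from the signed text (assumed order format)."""
    fields = {}
    for line in body.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip().lower()] = value.strip()
    return fields


class OrderDesk:
    """Store-side checks applied after the signature itself has verified."""

    def __init__(self, store_name):
        self.store_name = store_name
        self.issued = set()  # order numbers handed out and not yet redeemed
        self.seen = set()    # SHA-256 of every signed body already accepted

    def issue_order_number(self):
        number = secrets.token_hex(8)
        self.issued.add(number)
        return number

    def accept(self, signed_body, signature_ok):
        # A valid signature proves who wrote the text, not for whom or how often.
        if not signature_ok:
            return "reject: bad signature"
        digest = hashlib.sha256(signed_body.encode()).hexdigest()
        if digest in self.seen:
            return "reject: identical signed message already processed"
        fields = parse_fields(signed_body)
        if fields.get("to", "").lower() != self.store_name.lower():
            return "reject: order is not addressed to this store"
        number = fields.get("order-number")
        if number not in self.issued:
            return "reject: unknown or already used order number"
        self.issued.remove(number)
        self.seen.add(digest)
        return "accept"


def demo():
    """Constructed sample: one genuine order, then two resends of the same text."""
    shop_a, shop_b = OrderDesk("Example Computers"), OrderDesk("Other Store")
    number = shop_a.issue_order_number()
    body = f"To: Example Computers\nOrder-Number: {number}\nItem: 1 computer\n"
    return [shop_a.accept(body, True), shop_a.accept(body, True), shop_b.accept(body, True)]
```

A free-form order with neither field is rejected by every store in this sketch, which is the situation the post describes for past unsigned orders.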