GPG PGP S/Mime vulnerability

Guy Van Sanden sienix@crosswinds.net
Tue Aug 7 16:03:01 2001


Under ideal circumstances, yes it should.
But I've already placed orders (without signatures) in the past
via free-form e-mails.  In my case, I ordered a computer.

I think that, if they make signed messages legally binding,
someone could take this signed message and resend it to another
store...  I could secure myself against this by including things
like the company name in the message, but as I forgot to do so
in the past, a lot of users will too...


>sienix@crosswinds.net writes:
>
>> I know the example 'you're fired' was very badly chosen. But
>> let's say you order something by e-mail, and someone, just to
>> bug you, resends your order (with a valid signature), would mean
>> that you have two legally binding orders outstanding... instead
>> of the one you wanted...
>
>The documents and their signatures are identical, this can (and
>must) be detected by the company processing the orders, for example, by
>issuing unique order numbers which have to be included in orders.
>
>In fact, a similar thing is already done on paper.
>
>--
>Florian Weimer Florian.Weimer@RUS.Uni-Stuttgart.DE
>University of Stuttgart http://cert.uni-stuttgart.de/
>RUS-CERT +49-711-685-5973/fax +49-711-685-5898
>
>_______________________________________________
>Gnupg-users mailing list
>Gnupg-users@gnupg.org
>http://lists.gnupg.org/mailman/listinfo/gnupg-users
>
>
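The two safeguards discussed in this thread (a store-issued unique order number, and the store's name inside the signed text), sketched as an added example that is not part of the original messages. The "To-Store" and "Order-No" field names, the store names and the OrderDesk class are hypothetical, and signature verification (for example with gpg --verify) is assumed to have happened already and is passed in as a boolean.

```python
import hashlib


def parse_fields(signed_text):
    """Read 'Name: value' lines from the signed text; the first occurrence wins."""
    fields = {}
    for line in signed_text.splitlines():
        name, sep, value = line.partition(":")
        key = name.strip().lower()
        if sep and key and key not in fields:
            fields[key] = value.strip()
    return fields


class OrderDesk:
    """Checks a store applies to an order whose signature already verified."""

    def __init__(self, store_name):
        self.store_name = store_name
        self.open_numbers = set()   # issued by this store, not yet used
        self.seen_digests = set()   # SHA-256 of every accepted signed text
        self._counter = 0

    def issue_order_number(self):
        self._counter += 1
        number = f"{self.store_name}-{self._counter:06d}"
        self.open_numbers.add(number)
        return number

    def accept(self, signed_text, signature_valid):
        if not signature_valid:
            return "reject: bad signature"
        digest = hashlib.sha256(signed_text.encode("utf-8")).hexdigest()
        if digest in self.seen_digests:
            return "reject: identical message already processed"
        fields = parse_fields(signed_text)
        if fields.get("to-store") != self.store_name:
            return "reject: not addressed to this store"
        number = fields.get("order-no")
        if number not in self.open_numbers:
            return "reject: unknown or already used order number"
        self.open_numbers.discard(number)
        self.seen_digests.add(digest)
        return "accept"


def demo():
    # Constructed sample: one order signed for ShopA, then resent twice.
    shop_a, shop_b = OrderDesk("ShopA"), OrderDesk("ShopB")
    number = shop_a.issue_order_number()
    order = f"To-Store: ShopA\nOrder-No: {number}\n\nPlease send me one computer.\n"
    return [shop_a.accept(order, True),   # first delivery
            shop_a.accept(order, True),   # same signed bytes resent
            shop_b.accept(order, True),   # resent to another store
            shop_b.accept("Please send me one computer.\n", True)]  # free-form
```

A free-form order with no store name and no order number is rejected here because nothing in its signed text ties it to one store or one transaction.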