Fwd: crypto flaw in secure mail standards
Werner Koch
wk@gnupg.org
Sat Jun 23 16:52:01 2001
|| On Sat, 23 Jun 2001 15:15:08 +0200
|| Ingo Klöcker <ingo.kloecker@epost.de> wrote:
ik> The following message was forwarded to the KMail mailing list. Now I
ik> wonder if the second scenario is possible with PGP/GnuPG, i.e. is it
ik> possible to extract the clear signed message(+signature packet) from an
ik> encrypted&signed message and then re-encrypt the clear signed message
Yes, but it does not matter.

According to the abstract the paper has a serious flaw. It assumes
that signing and encryption address one problem. But they do not.
Signing and encryption are 2 entirely different things.

David Howe already wrote on Bugtraq that this attack is very similar
to the physical world with a signature on a letter and an envelope.
It is pretty easy to put a received signed letter into another
envelope and send it forward. However, only a jerk would rely on a
contract with insufficient information, i.e. a letter which has just
the words "canceled" without naming the subject and the recipient.

The second example is very similar - encryption alone does not provide
confidentiality. You must trust the recipient of confidential
information to keep it confidential; this is hard if you have no
pre-established trust in the recipient. Deploying encryption in an
organization can't be done by just using encryption software; you have
to reorganize a couple of other things.
ciao,
Werner
--
Werner Koch Omnis enim res, quae dando non deficit, dum habetur
g10 Code GmbH et non datur, nondum habetur, quomodo habenda est.
Privacy Solutions -- Augustinus