Fwd: crypto flaw in secure mail standards

[Stefan Berthold]

On Sat, Jun 23, 2001 at 04:49:45PM +0200, Werner Koch wrote:
>  || On Sat, 23 Jun 2001 15:15:08 +0200
>  || Ingo Kl=F6cker <ingo.kloecker@epost.de> wrote:=20
>=20
>  ik> The following message was forwarded to the KMail mailing list. Now=
 I=20
>  ik> wonder if the second scenario is possible with PGP/GnuPG, i.e. is =
it=20
>  ik> possible to extract the clear signed message(+signature packet) fr=
om an=20
>  ik> encrypted&signed message and then re-encrypt the clear signed mess=
age=20
>=20
> Yes, but it does not matter.
>=20
> According to the abstract the paper has a serious flaw.  It assumes
> that signing end encryption addresses one problem.  But it does not.
> Signing and encryption are 2 entirely different things.=20

And isn't there another problem: There's an information when the
signature was created - what if I take the mail "The deal is off."
that maybe was signed one month before the deal was made?

--=20
Stefan Berthold <dingx@web.de>
Zivilist in Lauerstellung
nicht nur heute unter zahnlosen W=F6lfen
FAX/VoiceBox: +49 1212 5 107 47 007