Fwd: crypto flaw in secure mail standards

Stefan Berthold dingx@web.de
Sat Jun 23 18:42:02 2001


On Sat, Jun 23, 2001 at 04:49:45PM +0200, Werner Koch wrote:

> || On Sat, 23 Jun 2001 15:15:08 +0200
> || Ingo Klöcker <ingo.kloecker@epost.de> wrote:
>
> ik> The following message was forwarded to the KMail mailing list. Now I
> ik> wonder if the second scenario is possible with PGP/GnuPG, i.e. is it
> ik> possible to extract the clear signed message(+signature packet) from an
> ik> encrypted&signed message and then re-encrypt the clear signed message
>
> Yes, but it does not matter.
>
> According to the abstract the paper has a serious flaw. It assumes
> that signing and encryption addresses one problem. But it does not.
> Signing and encryption are 2 entirely different things.

And isn't there another problem: there is information about when the signature
was created - what if I take the mail "The deal is off." that maybe was signed
one month before the deal was made?

-- 
Stefan Berthold <dingx@web.de>
Civilian lying in wait, not only today among toothless wolves
FAX/VoiceBox: +49 1212 5 107 47 007