Fwd: crypto flaw in secure mail standards

Don Davis dtd@world.std.com
Mon Jun 25 05:01:01 2001



> The suggested fix to make the inner signature somehow tied to the
> outer encryption layer would indeed fix the problem, but it does
> create other interesting issues. As things stand now, a signed
> document does not have any notion of who it was signed for. The
> suggested fix would change that so a document would essentially be
> signed "for" somebody. Presumably implementations would keep the
> ability to sign without tying it to a particular destination key for
> those cases where signing a document for a particular receipent is not
> appropriate.
hi, mr. shaw -- actually, my paper only recommends signing a recipient-list, when the message is to be encrypted, too. as you point out, to force every signed message to include a recipient-list, would defeat the purpose of many signed messages. - don davis, boston -