Fwd: crypto flaw in secure mail standards

[Don Davis]

> The suggested fix to make the inner signature somehow tied to the
> outer encryption layer would indeed fix the problem, but it does
> create other interesting issues.  As things stand now, a signed
> document does not have any notion of who it was signed for.  The
> suggested fix would change that so a document would essentially be
> signed "for" somebody.  Presumably implementations would keep the
> ability to sign without tying it to a particular destination key for
> those cases where signing a document for a particular receipent is not
> appropriate.

hi, mr. shaw --

actually, my paper only recommends signing a recipient-list,
when the message is to be encrypted, too.  as you point out,
to force every signed message to include a recipient-list,
would defeat the purpose of many signed messages.

					- don davis, boston






-