Fwd: crypto flaw in secure mail standards

Anthony E. Greene agreene@pobox.com
Mon Jun 25 06:00:01 2001


On Sun, 24 Jun 2001, David Shaw wrote:

>Mr. Davis's paper points out that OpenPGP (and hence GnuPG) signs and
>encrypts documents by essentially clearsigning the document, then
>wrapping the clearsigned document in a layer of encryption.
>
>It is thus possible for Alice to send a signed and encrypted mail to
>Bob, Bob decrypts it, recovering the clearsigned message, and then
>re-encrypts it to Charlie. Charlie will receive the original document
>with Alice's signature intact.
The encryption in this example is beside the point and in fact is a distraction to the primary argument; that signed data can be taken out of context, given sufficiently vague data and a forgeable delivery mechanism.
>It is an interesting attack, but it is really more of a social attack
>than a crypto attack.
Agreed. Tony -- Anthony E. Greene <agreene@pobox.com> <http://www.pobox.com/~agreene/> PGP Key: 0x6C94239D/7B3D BD7D 7D91 1B44 BA26 C484 A42A 60DD 6C94 239D Chat: AOL/Yahoo: TonyG05 MSN: te_greene Linux. The choice of a GNU Generation. <http://www.linux.org/>