Fwd: crypto flaw in secure mail standards
Anthony E. Greene
Mon Jun 25 06:00:01 2001
On Sun, 24 Jun 2001, David Shaw wrote:
>Mr. Davis's paper points out that OpenPGP (and hence GnuPG) signs and
>encrypts documents by essentially clearsigning the document, then
>wrapping the clearsigned document in a layer of encryption.
>It is thus possible for Alice to send a signed and encrypted mail to
>Bob, Bob decrypts it, recovering the clearsigned message, and then
>re-encrypts it to Charlie. Charlie will receive the original document
>with Alice's signature intact.

The encryption in this example is beside the point and in fact is a
distraction to the primary argument: that signed data can be taken out of
context, given sufficiently vague data and a forgeable delivery mechanism.

>It is an interesting attack, but it is really more of a social attack
>than a crypto attack.

Anthony E. Greene <email@example.com> <http://www.pobox.com/~agreene/>
PGP Key: 0x6C94239D/7B3D BD7D 7D91 1B44 BA26 C484 A42A 60DD 6C94 239D
Chat: AOL/Yahoo: TonyG05 MSN: te_greene
Linux. The choice of a GNU Generation. <http://www.linux.org/>
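
An added illustration, not part of the original message and not GnuPG code: it models the sign-then-encrypt layering described in the quoted text and shows a recipient-side check that only accepts a signed body naming its intended recipient. The toy RSA key, the dictionary standing in for the encryption layer, the `To:` first-line convention and all function names are assumptions made for this sketch.

```python
import hashlib

# Constructed toy RSA key for "Alice": textbook RSA over two Mersenne
# primes, no padding. Illustration only, not a usable signature scheme.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))

def digest(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def sign(data):
    return pow(digest(data), D, N)

def verify(data, sig):
    return pow(sig, E, N) == digest(data)

def envelope(recipient, signed):
    # Stand-in for the encryption layer: it says who can open the message,
    # but nothing in it is covered by the inner signature.
    return {"to": recipient, "inner": signed}

def accept_plain(me, env):
    # Checks only that the envelope is addressed to me and the signature holds.
    inner = env["inner"]
    return env["to"] == me and verify(inner["body"], inner["sig"])

def accept_bound(me, env):
    # Additionally requires the signed body itself to name me as recipient.
    first_line = env["inner"]["body"].split(b"\n", 1)[0]
    return accept_plain(me, env) and first_line == b"To: " + me.encode()

def scenario():
    body = b"The deal is off."  # constructed sample message
    inner = {"body": body, "sig": sign(body)}
    bound_body = b"To: bob\n" + body
    bound = {"body": bound_body, "sig": sign(bound_body)}
    # Re-addressing the signed header invalidates Alice's signature.
    edited = {"body": b"To: charlie\n" + body, "sig": bound["sig"]}
    return {
        "plain_forwarded": accept_plain("charlie", envelope("charlie", inner)),
        "bound_forwarded": accept_bound("charlie", envelope("charlie", bound)),
        "bound_original": accept_bound("bob", envelope("bob", bound)),
        "edited_header": accept_bound("charlie", envelope("charlie", edited)),
    }

if __name__ == "__main__":
    print(scenario())
```

The first result is the case from the quoted text: the inner signature verifies for Charlie because it covers only the body. The other three show that once the recipient is part of the signed data, a re-wrapped or re-addressed copy no longer passes.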