Fwd: crypto flaw in secure mail standards

[Don Davis]

>On Sun, 24 Jun 2001, David Shaw wrote:
>> It is thus possible for Alice to send a signed and encrypted mail to
>> Bob, Bob decrypts it, recovering the clearsigned message, and then
>> re-encrypts it to Charlie.  Charlie will receive the original document
>> with Alice's signature intact.

Anthony Greene replied:
> The encryption in this example is beside the point and in fact is a
> distraction to the primary argument; that signed data can be taken out of
> context, given sufficiently vague data and a forgeable delivery mechanism.

for na=EFve users (my paper's focus), encryption is pivotal:
their ignorance of PKI subtleties misleads them into
thinking that forwarding a signed-&-encrypted message
is impossible, when of course with secure-mail crypto,
forwarding is straightforward.  with a signed plaintext
delivery, Charlie might more readily see and understand
that Alice's signed message doesn't refer to him.

					- don davis, boston





-