Fwd: crypto flaw in secure mail standards

Don Davis dtd@world.std.com
Mon Jun 25 06:16:02 2001



>On Sun, 24 Jun 2001, David Shaw wrote:
>> It is thus possible for Alice to send a signed and encrypted mail to
>> Bob, Bob decrypts it, recovering the clearsigned message, and then
>> re-encrypts it to Charlie. Charlie will receive the original document
>> with Alice's signature intact.
Anthony Greene replied:
> The encryption in this example is beside the point and in fact is a
> distraction to the primary argument; that signed data can be taken out of
> context, given sufficiently vague data and a forgeable delivery mechanism.
for na=EFve users (my paper's focus), encryption is pivotal: their ignorance of PKI subtleties misleads them into thinking that forwarding a signed-&-encrypted message is impossible, when of course with secure-mail crypto, forwarding is straightforward. with a signed plaintext delivery, Charlie might more readily see and understand that Alice's signed message doesn't refer to him. - don davis, boston -