Fwd: crypto flaw in secure mail standards
Don Davis
dtd@world.std.com
Mon Jun 25 06:16:02 2001
>On Sun, 24 Jun 2001, David Shaw wrote:
>> It is thus possible for Alice to send a signed and encrypted mail to
>> Bob, Bob decrypts it, recovering the clearsigned message, and then
>> re-encrypts it to Charlie. Charlie will receive the original document
>> with Alice's signature intact.
Anthony Greene replied:
> The encryption in this example is beside the point and in fact is a
> distraction to the primary argument; that signed data can be taken out of
> context, given sufficiently vague data and a forgeable delivery mechanism.
for na=EFve users (my paper's focus), encryption is pivotal:
their ignorance of PKI subtleties misleads them into
thinking that forwarding a signed-&-encrypted message
is impossible, when of course with secure-mail crypto,
forwarding is straightforward. with a signed plaintext
delivery, Charlie might more readily see and understand
that Alice's signed message doesn't refer to him.
- don davis, boston
-