Fwd: crypto flaw in secure mail standards

David Shaw dshaw@jabberwocky.com
Mon Jun 25 06:22:01 2001 

--jho1yZJdad60DJr+
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sun, Jun 24, 2001 at 11:58:35PM -0400, Anthony E. Greene wrote:

> On Sun, 24 Jun 2001, David Shaw wrote:

> >Mr. Davis's paper points out that OpenPGP (and hence GnuPG) signs and

> >encrypts documents by essentially clearsigning the document, then

> >wrapping the clearsigned document in a layer of encryption.

> >

> >It is thus possible for Alice to send a signed and encrypted mail to

> >Bob, Bob decrypts it, recovering the clearsigned message, and then

> >re-encrypts it to Charlie.  Charlie will receive the original document

> >with Alice's signature intact.

>=20

> The encryption in this example is beside the point and in fact is a

> distraction to the primary argument; that signed data can be taken out of

> context, given sufficiently vague data and a forgeable delivery mechanism.


I think the point of the encryption in the example was to show how a
user could be confused.

Everyone understands what a (clear)signed document is and that it can
be forwarded by the recipient to someone else without harming the
signature.  The idea behind a sign-and-encrypt is that it goes *to
someone*.  The user's assumption may well be that since the document
can only be read by the recipient, then the signed data can only be
used by them as well.

Obviously this is completely incorrect, but I can see how a user could
think that way.

Somebody on another list pointed out that this situation was exactly
like the real-world analog of a signed document in an envelope.  If
you sign something and put it in an envelope, nothing stops the
recipient from opening the envelope and re-sending the signed contents
to someone else.


> >It is an interesting attack, but it is really more of a social attack

> >than a crypto attack.

>=20

> Agreed.


David

--=20
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+--------------------------------------------------------------------------=
-+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson

--jho1yZJdad60DJr+
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iQEVAwUBOza8B4ccwqs8s7QVAQFu5wf6A1aXFMmWdvS4uTQj/FlCoMN2v7lENLxw
4tUOB1BvjsYG6HqJOyY3mMOVaeKSUM5sw7odqyc8Bow5Q1JInvX877/EJih+Iv7O
b7D2w1LTnobEBhqMGkWiHvxq+dkozm0PMXDvygoZInUKFDEWf/YtA9SKYeTQ2aaA
8ojQJU25L4X0afPWIRAVL8QH3jHpNTvbkmZVuwJsgv3OWHGtPUtJXCvNZVFgRAwf
+h5rBZ1qDER+35Ye6azS3oBYROhk6jw7sMSz9u+DQy4bBtvnChIrTtJj40DvnIrc
edP1/SbHvMRhwuYP08wAAvHODdUv3K5yYcd/YEEDc4PhJz9+L1v8xg==
=r5x1
-----END PGP SIGNATURE-----

--jho1yZJdad60DJr+--