Fwd: crypto flaw in secure mail standards

David Shaw dshaw@jabberwocky.com
Mon Jun 25 06:22:01 2001

Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sun, Jun 24, 2001 at 11:58:35PM -0400, Anthony E. Greene wrote:

> On Sun, 24 Jun 2001, David Shaw wrote:
> >Mr. Davis's paper points out that OpenPGP (and hence GnuPG) signs and
> >encrypts documents by essentially clearsigning the document, then
> >wrapping the clearsigned document in a layer of encryption.
> >
> >It is thus possible for Alice to send a signed and encrypted mail to
> >Bob, Bob decrypts it, recovering the clearsigned message, and then
> >re-encrypts it to Charlie. Charlie will receive the original document
> >with Alice's signature intact.
> The encryption in this example is beside the point and in fact is a
> distraction to the primary argument; that signed data can be taken out of
> context, given sufficiently vague data and a forgeable delivery mechanism.
I think the point of the encryption in the example was to show how a user could be confused. Everyone understands what a (clear)signed document is and that it can be forwarded by the recipient to someone else without harming the signature. The idea behind a sign-and-encrypt is that it goes *to someone*. The user's assumption may well be that since the document can only be read by the recipient, then the signed data can only be used by them as well. Obviously this is completely incorrect, but I can see how a user could think that way. Somebody on another list pointed out that this situation was exactly like the real-world analog of a signed document in an envelope. If you sign something and put it in an envelope, nothing stops the recipient from opening the envelope and re-sending the signed contents to someone else.
> >It is an interesting attack, but it is really more of a social attack
> >than a crypto attack.
> Agreed.
David --=20 David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +--------------------------------------------------------------------------= -+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson --jho1yZJdad60DJr+ Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iQEVAwUBOza8B4ccwqs8s7QVAQFu5wf6A1aXFMmWdvS4uTQj/FlCoMN2v7lENLxw 4tUOB1BvjsYG6HqJOyY3mMOVaeKSUM5sw7odqyc8Bow5Q1JInvX877/EJih+Iv7O b7D2w1LTnobEBhqMGkWiHvxq+dkozm0PMXDvygoZInUKFDEWf/YtA9SKYeTQ2aaA 8ojQJU25L4X0afPWIRAVL8QH3jHpNTvbkmZVuwJsgv3OWHGtPUtJXCvNZVFgRAwf +h5rBZ1qDER+35Ye6azS3oBYROhk6jw7sMSz9u+DQy4bBtvnChIrTtJj40DvnIrc edP1/SbHvMRhwuYP08wAAvHODdUv3K5yYcd/YEEDc4PhJz9+L1v8xg== =r5x1 -----END PGP SIGNATURE----- --jho1yZJdad60DJr+--