Fwd: crypto flaw in secure mail standards

David Shaw dshaw@jabberwocky.com
Mon Jun 25 18:09:01 2001

Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mon, Jun 25, 2001 at 11:21:07AM -0400, Anthony E. Greene wrote:

> On Mon, 25 Jun 2001, David Shaw wrote:
> >After reading the paper, I was thinking about a different way to
> >address the problem: encrypt the clear signature.
> But how would that stop Bob from misusing that sig later? Using the
> example of the cancelled deal, Bob could still decrypt the sig and the
> document (if necessary) and send the whole package to Charlie to lead
> Charlie to believe that Alice had canceled the Alice/Charlie deal.
I think I wasn't clear in my email. The hypothetical encrypted sig would of course contain the key id(s) of who it was signed to in the signed material. :) It is similar to Don Davis' suggestion to include a receipient list in the signed material. The main difference is that I'm suggesting making it an option for clearsigned documents, and making it possible to have the sign-to key be different than the encrypt-to key. David --=20 David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +--------------------------------------------------------------------------= -+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson --PuGuTyElPB9bOcsM Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iQEVAwUBOzdhhoccwqs8s7QVAQFy7gf+OeE8gWpahZFDBiAWLT9CE1+zBLWl8P49 ZZLu3E8WqQMMxyc8cS6oayocA1WOwCyPOAj5IFeey82Ls5lhiVTDypBqO8W7dzQm TblUA3nGPR+wa1jxj1byg7UZjHJ8vtiKfyU8EGcaYMsTxWX3v3dzyKf3NCBBTMGc kbMB2DqsQVoycVcZG5h6yXEHn9uXgCLV3stXvl1e2In4xznuLqzXhSZCQuNnVjjW lvqJ8WvWa0B/vRnUyOYmV441Z5jWi/eR03oy12cRqZrAaEJpR1KUH449lDxhfS8z dlu5HpwAWKxpu+LnUZDjeupHZGxiKh/ZU6Hh0aEgVJrhraDtpqQtBA== =AAFj -----END PGP SIGNATURE----- --PuGuTyElPB9bOcsM--