Fwd: crypto flaw in secure mail standards

Janusz A. Urbanowicz
Tue Jun 26 17:48:01 2001


Anthony E. Greene wrote:

> On Mon, 25 Jun 2001, David Shaw wrote:
> >After reading the paper, I was thinking about a different way to
> >address the problem: encrypt the clear signature.
>
> But how would that stop Bob from misusing that sig later? Using the
> example of the cancelled deal, Bob could still decrypt the sig and the
> document (if necessary) and send the whole package to Charlie to lead
> Charlie to believe that Alice had canceled the Alice/Charlie deal.
A Signature Revocation List (akin to Certification Revocation List), checked before believing the document, would be an answer. When the deal is off, Alice revokes the signature on it. Charlie will check the SRL (the location of which is attached to the signature) and will see that the signature is no longer valid.

Alex
--
Janusz A. Urbanowicz | ALEX3-RIPE | SF-F Framling
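
One way the recipient-side SRL check proposed in this message could work, as an added example that is not part of the original post or thread: the signature covers a signature id and the SRL location, and verification fails closed when the list is missing, forged or stale. The toy RSA key, the field names, `sig_id`, the `max_age` freshness window and the example URL are all assumptions made for illustration.

```python
import hashlib, json

# Toy textbook RSA over two Mersenne primes: a stand-in for Alice's real
# signing key, used only so the example runs with the standard library.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # Alice's private exponent

def _digest(obj):
    data = json.dumps(obj, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def sign(obj):
    return pow(_digest(obj), D, N)

def valid(obj, sig):
    return pow(sig, E, N) == _digest(obj)

def sign_document(text, sig_id, srl_url):
    # Assumption: the signature id and SRL location are inside the signed
    # data, so a forwarder cannot strip or redirect the revocation pointer.
    body = {"text": text, "sig_id": sig_id, "srl": srl_url}
    return {"body": body, "sig": sign(body)}

def publish_srl(revoked_ids, issued):
    # Alice signs the list itself, with an issue time for freshness checks.
    body = {"revoked": sorted(revoked_ids), "issued": issued}
    return {"body": body, "sig": sign(body)}

def check(message, fetch_srl, now, max_age=86400):
    """Charlie's check: the signature first, then the SRL it points to."""
    body = message["body"]
    if not valid(body, message["sig"]):
        return "bad signature"
    srl = fetch_srl(body["srl"])
    # Fail closed: an unreachable, forged or stale list proves nothing.
    if srl is None or not valid(srl["body"], srl["sig"]):
        return "no trustworthy SRL"
    if now - srl["body"]["issued"] > max_age:
        return "stale SRL"
    if body["sig_id"] in srl["body"]["revoked"]:
        return "revoked"
    return "ok"

if __name__ == "__main__":
    URL = "https://alice.example/srl"   # constructed location
    msg = sign_document("The deal is off", "sig-1", URL)
    print(check(msg, lambda u: publish_srl([], 1000), now=1500))         # ok
    print(check(msg, lambda u: publish_srl(["sig-1"], 2000), now=2500))  # revoked
```
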