Fwd: crypto flaw in secure mail standards
JanuszA.Urbanowicz
JanuszA.Urbanowicz
Tue Jun 26 17:48:01 2001
Anthony E. Greene wrote/napisa=B3[a]:
> On Mon, 25 Jun 2001, David Shaw wrote:
> >After reading the paper, I was thinking about a different way to
> >address the problem: encrypt the clear signature.
>=20
> But how would that stop Bob from misusing that sig later? Using the
> example of the cancelled deal, Bob could still decrypt the sig and the
> document (if necessary) and send the whole package to Charlie to lead
> Charlie to believe that Alice had canceled the Alice/Charlie deal.
Signature Revocation List (akon to Certification Revocation List) checked
before believing the document would be an answer. When The deal is off Alice
revokes the signature on it. Charlie will check SRL (location of which is
attached to the signature) and will see that the signature is no longer
valid.
Alex
--=20
C _-=3D-_ H| Janusz A. Urbanowicz | ALEX3-RIPE | SF-F Framling | | =
* =09
; (_O : +-------------------------------------------------------------+ --=
+~|=09
! &~) ? | P=B3yn=B1=E6 chc=EA na Wsch=F3d, za Suez, gdzie jest dobrem ka=
=BFde z=B3o | l_|/=09
A ~-=3D-~ O| Gdzie przykaza=F1 brak dziesi=EAciu, a pi=E6 mo=BFna a=BF po d=
no; | | =20