Standard weakness: surreptitious forwarding

Johann Thomas johann.thomas@danet.de
Thu Jun 6 20:31:02 2002


0. Source of information
I was pointed to this information by subscribers to the enigmail mailing 
list (http://enigmail.mozdev.org/).

1. Surreptitious forwarding means:
a recipient B may change a received message from sender A so that he can 
forward it to another recipient C, letting C suppose he is the intended 
recipient.

2. Short explanation for the weakness of sign then encrypt:
First, think of signing as the signing of a letter/paper written with a pen. 
The encrypting is the same as putting the letter in an envelope. B may 
change the envelope and send/forward the letter to C, confusing him/her.

3. Short explanation for the weakness of encrypt then sign:
B receives a letter with a signed envelope. He opens the envelope and 
puts another letter in it with a different message.

Links:
Defective Sign & Encrypt in S/MIME, PKCS#7, MOSS, PEM, PGP, and XML: 
http://world.std.com/~dtd/sign_encrypt/sign_encrypt7.html

Mailing list:
  Archive of ietf-openpgp, by date 
  http://www.imc.org/ietf-openpgp/mail-archive/maillist.html


Johann Thomas
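
Added example, not part of the original post: a model of the sign-then-encrypt case from point 2, showing that A's signature still verifies for C after B swaps the envelope, and that C can only notice if the signed text itself names the recipient. The toy RSA, the constructed demo keys and the "To: C" prefix check are assumptions made for this illustration; A, B and C are the parties named in the post.

```python
import hashlib, json, secrets

# Toy textbook RSA on constructed demo keys (Mersenne primes, no padding).
# It only models "signature" and "envelope"; it is not secure cryptography.
def keypair(p, q, e=65537):
    n = p * q
    return {"n": n, "e": e, "d": pow(e, -1, (p - 1) * (q - 1))}

def digest(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(key, msg):                       # uses the private exponent d
    return pow(digest(msg, key["n"]), key["d"], key["n"])

def verify(key, msg, sig):                # uses only the public part (n, e)
    return pow(sig, key["e"], key["n"]) == digest(msg, key["n"])

def stream(k, data):                      # SHA-256 counter keystream XOR
    ks = b"".join(hashlib.sha256(f"{k}:{i}".encode()).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def envelope(key, data):                  # encrypt to the holder of `key`
    k = secrets.randbelow(key["n"])
    return pow(k, key["e"], key["n"]), stream(k, data)

def unseal(key, env):
    return stream(pow(env[0], key["d"], key["n"]), env[1])

A = keypair(2**89 - 1, 2**127 - 1)
B = keypair(2**107 - 1, 2**521 - 1)
C = keypair(2**61 - 1, 2**607 - 1)

def sign_then_encrypt(text, rcpt):
    signed = json.dumps({"text": text, "sig": sign(A, text.encode())})
    return envelope(rcpt, signed.encode())

def forwarded_to_c(text):
    """A writes to B; B opens the envelope and re-wraps the signed letter for C."""
    letter = unseal(B, sign_then_encrypt(text, B))     # B holds A's signed letter
    seen = json.loads(unseal(C, envelope(C, letter)))  # what C decrypts
    sig_ok = verify(A, seen["text"].encode(), seen["sig"])  # envelope is not signed
    named_ok = seen["text"].startswith("To: C\n")      # recipient bound in signed text?
    return sig_ok, named_ok

if __name__ == "__main__":
    print(forwarded_to_c("The deal is off."))          # signature alone: looks fine to C
    print(forwarded_to_c("To: B\nThe deal is off."))   # named recipient: C sees mismatch
```

The signature check passes in both runs because it covers only the letter, never the envelope; the second run is caught only because the addressee is part of what A signed.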