Encouraging email security.

Juan F. Codagnone juam@arnet.com.ar
Wed May 21 16:14:03 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tuesday 20 May 2003 12:10, Mark H. Wood wrote:
> I usually don't have any secrets to hide, but I don't want to be
> misrepresented, and I'd sign everything I send if I wasn't embarrassed to
> have you all find out that I haven't yet collected a single nonself
> signature on my key -- oops! :-/

Another problem I see with email signing is that the signature only validates
the body, and someone can take ambiguous signed messages and give them
another sense (out of the original context). If people start signing
_all_ their mails, and send bodies like `The deal is off', `I love you',
`Meet me at the bar at 15.00', then a 3rd party can fake the email headers and
forward it. The new recipient will think that the message is valid. IIRC, [1]
talked about that.

While this is not an issue when replying to emails, as the original body and
sender are usually quoted, it is a possible issue with new emails.

Regards,
	Juan.

[1] http://world.std.com/~dtd/sign_encrypt/sign_encrypt7.ps

- --
Buenos Aires, Argentina                           18°C with winds at 9 km/h NE
-----BEGIN PGP SIGNATURE-----

iD8DBQE+y4mYjSlJEriOToYRAvj3AJ4o92I6i96qQ++Bgq3He/fG9YmWWACg1LLC
gAz9lXJEjsKEvseUz04yhVY=
=qW1q
-----END PGP SIGNATURE-----
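
The body-only signature problem described in the message above, together with one mitigation (repeating From/To/Date inside the signed text and checking them on receipt), as an added example that is not part of the original post. HMAC-SHA256 from the standard library stands in for the PGP signature so the block runs offline; the key, addresses and helper names are constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass, replace

KEY = b"constructed-demo-key"  # stand-in for the signer's key (assumption)

def sign(text: str) -> str:
    # HMAC-SHA256 stands in for a PGP signature over the body text.
    return hmac.new(KEY, text.encode(), hashlib.sha256).hexdigest()

@dataclass(frozen=True)
class Mail:
    sender: str   # From header, not covered by the signature
    rcpt: str     # To header, not covered by the signature
    date: str     # Date header, not covered by the signature
    body: str     # the only part the signature covers
    sig: str

def compose(sender, rcpt, date, text, bind_context=False):
    # With bind_context, a copy of From/To/Date is placed inside the signed body.
    if bind_context:
        text = f"From: {sender}\nTo: {rcpt}\nDate: {date}\n\n{text}"
    return Mail(sender, rcpt, date, text, sign(text))

def verify_body_only(m: Mail) -> bool:
    return hmac.compare_digest(m.sig, sign(m.body))

def verify_with_context(m: Mail) -> bool:
    # The signature must verify and the signed copy of the headers must
    # match the headers this recipient actually received.
    if not verify_body_only(m):
        return False
    block = m.body.partition("\n\n")[0]
    signed = dict(l.split(": ", 1) for l in block.splitlines() if ": " in l)
    seen = {"From": m.sender, "To": m.rcpt, "Date": m.date}
    return signed == seen

def reheader(m: Mail, rcpt: str, date: str) -> Mail:
    # Models the re-sent copy: same signed body, different unsigned headers.
    return replace(m, rcpt=rcpt, date=date)

if __name__ == "__main__":
    args = ("alice@example.org", "bob@example.org", "20 May 2003", "The deal is off")
    for bound in (False, True):
        moved = reheader(compose(*args, bind_context=bound), "carol@example.org", "21 May 2003")
        print(bound, verify_body_only(moved), verify_with_context(moved))
```

In both cases the body-only check still passes on the re-headered copy; only the recipient-side comparison against the signed header copy rejects it.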