mailing list archives
Re: crypto flaw in secure mail standards
From: Gregory Steuck <greg () nest cx>
Date: Fri, 22 Jun 2001 11:11:41 -0700
The presented attacks look like a hybrid of replay and man in the middle
attacks known for years. I do agree that problems are real and I am
looking forward to reading your paper.
Let me fatasize as to how this can be solved in PGP. One
can include the key id of the intended recepient into the signed
portion of the message. This will clearly state the intended
Below I also propose user level solutions to the problems.
On Fri, Jun 22, 2001 at 10:15:03AM -0500, Don Davis wrote:
Suppose Alice and Bob are business partners, and are setting
up a deal together. Suppose Alice decides to call off the
deal, so she sends Bob a secure-mail message: "The deal is off."
It is very unlikely that Alice won't include a salutation
along the lines of: "Dear Bob". Which makes the message not
very suitable for Charlie. Moreover doesn't PGP signature
include a timestamp? (whether or not it is part of the signed
message is the question I don't know the answer to)
Suppose instead that Alice & Bob are coworkers. Alice uses
secure e-mail to send Bob her sensitive company-internal
sales plan. Bob decides to get his rival Alice fired:
In this case I'm afraid Alice will have to be more careful
and not sign the documents she doesn't have to. Why would
she send a signed internal memo?