mailing list archives
Re: crypto flaw in secure mail standards
From: Jim Halfpenny <jim () openanswers co uk>
Date: Mon, 25 Jun 2001 09:59:27 +0100 (BST)

Yes - An expert witness should (and presumably would) reduce the document
to just its signed portion and say "this, and only this, is what Alice
signed; there is no evidence who sent this where, as that was done after the
document was signed".

Does this then suggest there is a potential abuse of trust vulnerability
if digital signatures are used to provide non-repudiation in such
transactions? If you digitally sign a message with a signature stamped at
a significantly earlier date, you could use this as a defense to reduce
the integrity of the signature.

Establishing reasonable doubt could drastically alter the outcome of a
legal hearing, especially if the original message was deliberately made
vague, insofar as the intended recipient is ambiguous, so as to make this
form of attack seem plausible.