GPG PGP S/Mime vulnerability
Ben . Wise
bwise@collab2.sito.saic.com
Fri Aug 3 14:53:01 2001
Folks,
The solution to this is the same as with physical
signatures: do not sign ambiguous documents!
You would never sign a document saying "I sell my house to you",
you would only sign something like "I, Joe Smith, sell my
house, 123 Main St., Nowhere PA, to Jane Doe for $150,000,
effective 1/1/2001".
BTW, no one with any common sense would trust such an
ambiguous document as "You're FIRED!", even if it was
signed. There is no evidence at all that it was addressed
to the recipient - it's just too ambiguous.
Similary with the "I sell my house to you": no court would
even consider it - it's just too ambiguous.
With the best technology, we still need common sense
on both ends of the communication channel.
-----Original Message-----
From: Guy Van Sanden
To: GnuPG Users
Sent: 8/3/2001 6:47 AM
Subject: GPG PGP S/Mime vulnerability
I've read through Don Davis' whitepaper about the disadvanteges of the
current sign (and encrypt) features in all common standards to do so.
His basic reasoning (and I've tried it, it works!) is:
I send a signed message to someone stating "you're fired". He gets
angry and decides to get even with another collegue...
Using SMPT he puts my address in the from header, then pastes the
entire source of my signed message to him in the body (including the
signatures), and sends it of to someone else...
That last person opens a message, which he thinks comes from me, and
trusts the contents because the signature is verified!
More info is over here:
http://world.std.com/~dtd/sign_encrypt/sign_encrypt7.ps
Kind regards
Guy
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users