cryptoanarchy.wiki

Arise, you have nothing to lose but your barbed wire fences!

1996-07-14 - Re: Execution of signed scripts received by e-mail

Header Data

From: “Mark M.” <markm@voicenet.com>
To: Steffen Zahn <zahn@berlin.snafu.de>
Message Hash: ed3d8584d0c1ba9d3ca29c3fea68a9d1e4e031c5042b87e9c5be3720efce74b2
Message ID: <Pine.LNX.3.94.960713180741.2563A-100000@gak>
Reply To: <199607131624.SAA01131@zahn.berlin.snafu.de>
UTC Datetime: 1996-07-14 04:15:43 UTC
Raw Date: Sun, 14 Jul 1996 12:15:43 +0800

Raw message

From: "Mark M." <markm@voicenet.com>
Date: Sun, 14 Jul 1996 12:15:43 +0800
To: Steffen Zahn <zahn@berlin.snafu.de>
Subject: Re: Execution of signed scripts received by e-mail
In-Reply-To: <199607131624.SAA01131@zahn.berlin.snafu.de>
Message-ID: <Pine.LNX.3.94.960713180741.2563A-100000@gak>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="Boundary..3943.1071713593.multipart/signed"

--Boundary..3943.1071713593.multipart/signed
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

On Sat, 13 Jul 1996, Steffen Zahn wrote:

> I suggest ignoring Reply-To: etc and requiring a return address inside
> the signed region of the mail, otherwise someone could intercept the mail
> (suppressing the original) and resend it from his account and the results
> would get sent to the interceptor.

I agree.  Having a return address outside the signature allows for denial-of-
service attacks and it would be trivial to intercept the output of the script.
Definitely not a Good Thing.

>  Another idea would be to extract the return address from the PGP userid
> which signed the script.

There are a couple of problems with this idea:

	- The security of this scheme depends on trusting the user to sign her
	key.  If the user doesn't, than an attacker can intercept the user's
	key and alter the key ID.

	- Even if the user does sign her key, there is still the problem of
	an attacker being able to generate a key with an identical key ID and
	and a different user ID.  If the attacker has the ability to intercept
	and modify messages, a MITM attack would be very effective.  If the
	key's fingerprint was included in the signed message, an MITM attack
	would be necessary to subvert the system.

If the key's fingerprint is included in the message, then it certainly wouldn't
take much more effort to put a return address in the signed body of the
message.

-- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
"Freedom is the freedom to say that two plus two make four.  If that
is granted, all else follows."  --George Orwell, _1984_



--Boundary..3943.1071713593.multipart/signed
Content-Type: application/octet-stream; name="pgp00002.pgp"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="pgp00002.pgp"
Content-Description: "PGP signature"

LS0tLS1CRUdJTiBQR1AgU0lHTkFUVVJFLS0tLS0KVmVyc2lvbjogMi42LjMK
CmlRQ1ZBd1VCTWVnZ2lMWmMrc3Y1c2l1bEFRR09Hd1FBaXNkc0J6Zzc4UE5X
TzAvbGtYWnh4TlZuSnRBTUQweW4KRk9nczRoWEFDUXA0NkNoOUdEOU84d3ox
RzNwNUpmbWdYUFV6emFzOS9qalZZUCtvdmNWODg3cWdycDNucHQ4NQptZFB4
Z0JnbFhCak9Gdkp6eU9XVUhYc094RzRMYkp4MmtkZGx4WjhZOC9RazJ6OC9u
YVBxM0xySW5NUDhsVnF5CnBXdnQrUitubk9rPQo9a3J3SgotLS0tLUVORCBQ
R1AgU0lHTkFUVVJFLS0tLS0K
--Boundary..3943.1071713593.multipart/signed--

Thread