From: Eric Murray <ericm@lne.com>
To: grafolog@netcom.com (Jonathan Blake)
Message Hash: 63325c8d58c8dd5bc2e7e7844564aa41337e57f997e0db897806fb0c7b034bf3
Message ID: <199512251710.JAA08899@slack.lne.com>
Reply To: <Pine.SUN.3.91.951225065654.26785C-100000@netcom16>
UTC Datetime: 1995-12-25 17:35:48 UTC
Raw Date: Tue, 26 Dec 1995 01:35:48 +0800
Subject: Re: Only accepting e-mail from known parties

> On Mon, 25 Dec 1995, Dr. Dimitri Vulis wrote:
>
> > As I keep pointing out, pgp-signing the body is not enough.
>
> You're wrong.

He's right.

> You can set up Procmail to detect if something is signed
> with PGP, and if it is, to run a script which determines
> the authenticity of the signature. If the signature is
> not authentic, the message goes to /dev/null. That way,
> even if Carol is using intercepted messages from Bob, Carol's
> messages won't be accepted or seen.

Ok. If I want to get my email ad for the Ronco turnip-twaddler past a filter
like that, all I need to do is to create a PGP key with
a user name that's the same as one that the victim already
receives.

i.e. if I know that joe@blort.com exchanges email with phred@none.net, then
I just create a PGP key with the name "phred@none.net", and sign
the turnip-twaddler ad with that. It'd have a valid signature, and
one coming from Joe's friend phred. Mail accepted.

In addition to checking for a valid signature, the filtering software
would have to also check the PGP key id of the key used. It would
also need to make sure that there is ONLY PGP-signed content in the
mail. Otherwise Mallet could grab an innocuous mail message that
Phred signed and include it at the bottom of the turnip-twaddler ad.
It wouldn't make sense (although that might be usual with Phred), but it'd
contain a valid signature from Phred, and therefore get the ad
past the filter.

I'm sure there's other caveats, these are just the ones I can think of now.

I wish all Cypherpunks a Merry Christmas. I hope Santa brought you
all something nice, like a fast new stream cipher, a new key exchange
protocol, or maybe a note from the Fedz saying that ITAR has been lifted.

--
Eric Murray ericm@lne.com ericm@motorcycle.com http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03 92 E8 AC E6 7E 27 29 AF
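
The two extra checks described in the message above, as an added example that is not part of the original e-mail: mail is accepted only when the body is a single clearsigned block with nothing around it and the signing key is the one pinned for that sender. It assumes the status text was captured from `gpg --status-fd 1 --verify`, and it pins the full key fingerprint where the message speaks of the key id; the function names, fingerprints and sample mails are constructed.

```python
# Added example. Addresses come from the message; fingerprints are constructed.
BEGIN_MSG = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"
END_SIG = "-----END PGP SIGNATURE-----"
PINNED = {"phred@none.net": "A" * 40}   # sender -> pinned key fingerprint

def only_signed_content(body):
    """True if the body is exactly one clearsigned block with nothing around it."""
    lines = [l.rstrip("\r") for l in body.strip().split("\n")]
    # Signed text is dash-escaped, so any line starting with five dashes is armor.
    markers = [l for l in lines if l.startswith("-----")]
    return (markers == [BEGIN_MSG, BEGIN_SIG, END_SIG]
            and lines[0] == BEGIN_MSG and lines[-1] == END_SIG)

def valid_sig_fingerprint(gpg_status):
    """Fingerprint from a single VALIDSIG status line, else None."""
    fprs = [p[2] for p in (l.split() for l in gpg_status.splitlines())
            if len(p) >= 3 and p[:2] == ["[GNUPG:]", "VALIDSIG"]]
    return fprs[0].upper() if len(fprs) == 1 else None

def verdict(sender, body, gpg_status, pinned=PINNED):
    expected = pinned.get(sender.lower())
    if expected is None:
        return "reject: unknown sender"
    if not only_signed_content(body):
        return "reject: unsigned content present"
    fpr = valid_sig_fingerprint(gpg_status)
    if fpr is None:
        return "reject: no valid signature"
    if fpr != expected:
        return "reject: signed by unpinned key"
    return "accept"

# Constructed samples; the armor payload is a placeholder, not a real signature.
SIGNED = "\n".join([BEGIN_MSG, "Hash: SHA256", "", "Lunch on Friday?",
                    BEGIN_SIG, "", "cGxhY2Vob2xkZXI=", END_SIG, ""])
AD_PLUS_OLD_MAIL = "Buy the Ronco turnip-twaddler!\n\n" + SIGNED
STATUS_PHRED = "[GNUPG:] VALIDSIG " + "A" * 40 + " 1995-12-25 819910000 0 4 0 1 8 01\n"
STATUS_LOOKALIKE = ("[GNUPG:] GOODSIG BBBBBBBBBBBBBBBB phred@none.net\n"
                    "[GNUPG:] VALIDSIG " + "B" * 40 + " 1995-12-25 819910000 0 4 0 1 8 01\n")

if __name__ == "__main__":
    print(verdict("phred@none.net", SIGNED, STATUS_PHRED))
    print(verdict("phred@none.net", SIGNED, STATUS_LOOKALIKE))
    print(verdict("phred@none.net", AD_PLUS_OLD_MAIL, STATUS_PHRED))
```

The second sample carries a good signature under the user name "phred@none.net" and is still rejected, because the user name on a key is chosen by whoever generated it; only the pinned fingerprint ties the key to the known correspondent.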