From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
To: cypherpunks@toad.com
Message Hash: 97d0857cd1532122c28a89053d91967fe555986f076d95aa5e2540e4816ee4a6
Message ID: <X8BogD7w165w@bwalk.dm.com>
Reply To: <Pine.SUN.3.91.951225065654.26785C-100000@netcom16>
UTC Datetime: 1995-12-25 17:43:47 UTC
Raw Date: Tue, 26 Dec 1995 01:43:47 +0800
Subject: Re: Only accepting e-mail from known parties
Jonathan Blake <grafolog@netcom.com> writes:
> On Mon, 25 Dec 1995, Dr. Dimitri Vulis wrote:
>
> > As I keep pointing out, pgp-signing the body is not enough.
>
> You're wrong.

I'll be delighted if someone convinces me that I'm wrong about this.
I may even start using PGP signatures. :)

> You can set up Procmail to detect if something is signed
> with PGP, and if it is, to run a script which determines
> the authenticity of the signature. If the signature is
> not authentic, the message goes to /dev/null. That way,
> even if Carol is using intercepted messages from Bob, Carol's
> messages won't be accepted or seen.

Carol needn't put her real name in the "From:" line. Much of the unsolicited
commercial junk e-mail comes from bogus addresses.

I said, Carol can *forge* the RFC 822 header, so her e-mails look like they
came from Bob, and use the body from Bob's authentic PGP-signed message.

For example, Bob may have once sent Carol an e-mail that looked like this:
-----------------------------------------------------------------------
From: Bob
To: Carol
Date: 25 Dec 1965
Subject: Carol, we're history
Message-ID: <111@bob>
----BEGIN PGP SIGNED MESSAGE----
I no longer wish to go out with you. Merry Christmas!
----BEGIN PGP SIGNATURE----
Version 2.6.2
12341234...
----END PGP SIGNATURE----
"Ask not what your country can do to you, but what you can do to your country"
-----------------------------------------------------------------------
Carol can *easily* forge an e-mail to Alice that looks like this:
-----------------------------------------------------------------------
From: Bob
To: Alice
Date: 25 Dec 1995
Subject: Alice, we're history
Message-ID: <222@bob>
----BEGIN PGP SIGNED MESSAGE----
I no longer wish to go out with you. Merry Christmas!
----BEGIN PGP SIGNATURE----
Version 2.6.2
12341234...
----END PGP SIGNATURE----
"Sex with Carol was the greatest sex I've ever had"
-----------------------------------------------------------------------
The e-mail is sent by Carol, but the RFC 822 header says "From: Bob".
If you think this is hard to accomplish, take a look, e.g., at the source
code of Lance Cottrell's mixmaster and see how it talks to sendmail.

The PGP-signed portion is copied verbatim from an authentic message.
Alice _may_ notice that the _Received:_ headers are weird, but this
forgery will certainly pass through a script that checks signatures.

E.g., this trick could be used to mailbomb someone with many copies
of the same authentic e-mail.

That's because PGP only signed a portion of the body, not the important
headers like "Date:", "To:", "Subject:", and "Newsgroups:", nor the .sig.

Happy holidays,
---
Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
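
Added example (not part of the original message): a Python sketch of the body-only filter discussed above next to a stricter filter that also requires the signed text to restate the outer headers and rejects repeated copies. An HMAC with a constructed key stands in for the PGP signature; the X-Sig header, the function names and the convention of repeating headers inside the signed text are assumptions made for the illustration.

```python
import hashlib
import hmac
from email import message_from_string

KEY = b"constructed-demo-key"   # assumption: HMAC stands in for Bob's PGP signature
BOUND = ("From", "To", "Date", "Subject")   # headers restated inside the signed text

def sign(text):
    return hmac.new(KEY, text.encode(), hashlib.sha256).hexdigest()

def wrap(headers, sig, signed):
    head = "".join(f"{k}: {v}\n" for k, v in headers.items())
    return f"{head}X-Sig: {sig}\n\n{signed}"

def make_message(headers, text, bind=False):
    # With bind=True the sender repeats the headers inside the text that gets signed.
    signed = text
    if bind:
        signed = "".join(f"{h}: {headers[h]}\n" for h in BOUND) + "\n" + text
    return wrap(headers, sign(signed), signed)

def rewrap(raw, headers):
    # Constructed fixture: an authentic signed payload under different outer headers.
    msg = message_from_string(raw)
    return wrap(headers, msg["X-Sig"], msg.get_payload())

def body_only_filter(raw):
    # The filter from the thread: accept whenever the signature over the body verifies.
    msg = message_from_string(raw)
    return hmac.compare_digest(msg["X-Sig"], sign(msg.get_payload()))

def header_bound_filter(raw, seen):
    # Signature must verify, signed text must restate the outer headers, no repeats.
    msg = message_from_string(raw)
    signed = msg.get_payload()
    if not hmac.compare_digest(msg["X-Sig"] or "", sign(signed)):
        return "bad signature"
    inner = message_from_string(signed)
    for h in BOUND:
        if inner[h] is None or inner[h] != msg[h]:
            return f"header mismatch: {h}"
    digest = hashlib.sha256(signed.encode()).hexdigest()
    if digest in seen:
        return "replay"
    seen.add(digest)
    return "accept"

# Constructed sample data, taken from the two example messages in the post.
TO_CAROL = {"From": "Bob", "To": "Carol", "Date": "25 Dec 1965", "Subject": "Carol, we're history"}
TO_ALICE = {"From": "Bob", "To": "Alice", "Date": "25 Dec 1995", "Subject": "Alice, we're history"}
TEXT = "I no longer wish to go out with you. Merry Christmas!\n"
```

The `seen` set is the part that addresses the many-copies case: a byte-identical signed message is accepted once and flagged as a replay afterwards.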