From: mdeindl@vnet.ibm.com ((Michael Deindl))
To: N/A
Message Hash: 4a598640bc2cf0cd1021a5d03c3e1aa751847d85e5753cdaa66a35981b4ba0fd
Message ID: <MDEINDL.96Jan16102948@standalone.vnet.ibm.com>
Reply To: <199601030407.UAA12551@comsec.com>
UTC Datetime: 1996-01-18 07:05:40 UTC
Raw Date: Thu, 18 Jan 1996 15:05:40 +0800
From: mdeindl@vnet.ibm.com ((Michael Deindl))
Date: Thu, 18 Jan 1996 15:05:40 +0800
Subject: Re: A weakness in PGP signatures, and a suggested solution (long)
In-Reply-To: <199601030407.UAA12551@comsec.com>
Message-ID: <MDEINDL.96Jan16102948@standalone.vnet.ibm.com>
MIME-Version: 1.0
Content-Type: text/plain
>>>>> Christopher R Key <ckey2@eng.ua.edu> writes:
> First of all, if the recipient is a newsgroup, why
> would that particular information need to be part of the signed
> information?
E.g. if I post some Emacs-worshipping to alt.religion.emacs --- fine.
But if someone forwards this to some serious comp.editor group, maybe
some people don't understand the jokes...
Only one example why it can be neccessarry to include the context
(e.g. the recipient) into the signature.
> If you post to a newsgroup a message that is only
> signed (as opposed to encrypted also), then you are obviously not
> worried about who reads it.
The question is not if I care who reads it. The question is in which
context (i.e. in which newsgroup) someone reads it.
> The signature is only a method of
> proving that the important text (message) is unchanged and intact,
> and that the person who it is supposed to be from is the same who
> signed it.
Probably many people don't make this destinction between the message
and the context. And additionally: I can only proove that someone
forwarded my message to a wrong context, when the context is signed,
too.
Sure, I can include context-information manually, but when we want as
many people as possible using strong-crypto, it should be as
fool-proof as possible.
Therefore I think it would be a good idea to include the context into
the signature.
> Secondly, if you are sending email to some one and sign it using
> pgp, wouldn't that person need pgp to prove that in fact you did
> sign it? Then it can be reasonable that if that person has pgp to
> prove the signature, that person has pgp to decrypt mail sent to
> them. Simply sign you message and encrypt it using that person's
> public key.
{SNIP}
Then the receipient decrypts the message, encrypts it under another
person's public-key and forwards it to them. And so the context has
changed, while my signature is still valid.....
Have a nice day!
Michael Deindl
--
DISCLAIMER: My oppinions are my own, not those of my employer IBM.
Return to January 1996
Return to “Rich Graves <llurch@Networking.Stanford.EDU>”