From: Matt Carpenter <mcarpent@Dusk.obscure.net>
To: markm@voicenet.com (Mark M.)
Message Hash: 1fff6cb39da4f9955d9ef160bad0538cab39615afc61988aa596d7369b66fcea
Message ID: <199607141037.FAA01283@Dusk.obscure.net>
Reply To: <Pine.LNX.3.94.960713180741.2563A-100000@gak>
UTC Datetime: 1996-07-14 14:03:59 UTC
Raw Date: Sun, 14 Jul 1996 22:03:59 +0800
From: Matt Carpenter <mcarpent@Dusk.obscure.net>
Date: Sun, 14 Jul 1996 22:03:59 +0800
To: markm@voicenet.com (Mark M.)
Subject: Re: Execution of signed scripts received by e-mail
In-Reply-To: <Pine.LNX.3.94.960713180741.2563A-100000@gak>
Message-ID: <199607141037.FAA01283@Dusk.obscure.net>
MIME-Version: 1.0
Content-Type: text/plain
-----BEGIN PGP SIGNED MESSAGE-----
Mark M. <markm@voicenet.com> writes:
>
> On Sat, 13 Jul 1996, Steffen Zahn wrote:
>
> > I suggest ignoring Reply-To: etc and requiring a return address inside
> > the signed region of the mail, otherwise someone could intercept the mail
> > (suppressing the original) and resend it from his account and the results
> > would get sent to the interceptor.
>
> I agree. Having a return address outside the signature allows for denial-o=
> f-
> service attacks and it would be trivial to intercept the output of the scri=
> pt.
> Definitely not a Good Thing.
>
> > Another idea would be to extract the return address from the PGP userid
> > which signed the script.
>
> There are a couple of problems with this idea:
>
> - The security of this scheme depends on trusting the user to sign her
> key. If the user doesn't, than an attacker can intercept the user's
> key and alter the key ID.
>
> - Even if the user does sign her key, there is still the problem of
> an attacker being able to generate a key with an identical key ID and
> and a different user ID. If the attacker has the ability to intercept
> and modify messages, a MITM attack would be very effective. If the
> key's fingerprint was included in the signed message, an MITM attack
> would be necessary to subvert the system.
>
> If the key's fingerprint is included in the message, then it certainly woul=
> dn't
> take much more effort to put a return address in the signed body of the
> message.
Those are both very good ideas. I'll have it require both the return
address and key fingerprint in the signed portion of the message.
>
>-- Mark
Thanks for the suggestions.
- --Matt
- --
mcarpent@mailhost.tcs.tulane.edu
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQEVAwUBMejMPCjtJAMyBnp9AQFWhAf+PJkWptoICREg2a0Er6aHXPaNGzsERqad
dovSi5D8qByIzvr1ge0sjGxDAIaLXGjH4XMEAEjr+lZQI7jVa3f5wnGQRVneqbXB
sEI+Oh+3EnWut+hCAsr+PDIcRb1kLsp9v/rGhVxQkYhsLTJ55RDv5YYXVWxmB0ye
zfsuERnh6+V/q3FLs7UgAn7OjdpD3NiuFizUI4li4M03o3yT9dbecmkv0pvdeOV4
2GEHnX4WhZpmqviWHcqNkjmhcFN8hq0UHHm6oqVBW1qm/LjdHCHHZLaSHbwtIVHa
Bp39AxJfmTurwMosW3alxfWselCr6fUGBSQ7j9/REFAgt9aBxk4ISg==
=Ruc9
-----END PGP SIGNATURE-----
Return to July 1996
Return to “Steffen Zahn <zahn@berlin.snafu.de>”