crypto flaw in secure mail standards
lcs Mixmaster Remailer
mix at anon.lcs.mit.edu
Fri Jun 22 17:40:17 EDT 2001
Derek Atkins writes:
> The other obvious problem is that although the sender's identity is
> encoded in the message's signature (as well as the time the signature
> is purported to be made), the original intended recipient's are not
> encoded within the signed portion of the message. The simple fix
> would be to include the appropriate mail headers withing the signed
> portion of the message. In particular, including the 'To' and 'Cc'
> fields would immediately protect against both of these attacks.
That's right, and maybe some other mail headers ought to be included too.
We've all seen messages where the Subject header determines the context
of the message. Imagine that Alice sends a message with "Subject: Milk
spoils if left out too long" and the body says, "... and I've seen it
happen, too." Then she sends that signed, and some mischievous person
changes it to "Subject: The boss wears women's underwear" and we have
a signed message from Alice saying "... and I've seen it happen, too."
Poor Alice, she can't catch a break.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list