crypto flaw in secure mail standards

Jeffrey I. Schiller jis at
Sat Jun 23 11:51:51 EDT 2001

On Fri, Jun 22, 2001 at 06:23:46PM -0400, Radia Perlman - Boston Center for Networking wrote:
> Actually I don't think Don was talking about that. Instead he was
> talking about the danger of leaving things out of the
> signature like the subject
> line, the to field, the date, etc., that would allow someone to
> take Alice's message out of context, and other people on the list
> have explained that you need to have all stuff that matters be
> covered by the signature, perhaps by having the user consciously
> know what matters and include it in the body.

Ah. This is why I always replicate the Subject field (and other important)
fields in message that I sign for posterity (such as IESG action requests).


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list