crypto flaw in secure mail standards

Enzo Michelangeli em at who.net
Sat Jun 23 21:45:36 EDT 2001


A question for legal experts on the list: Does all this pose legal risks
within the current legal framework? In other words, do current digital
signature laws assume that the headers, too, are authenticated and
non-repudiable if the message is digitally signed?

Enzo

----- Original Message -----
From: "lcs Mixmaster Remailer" <mix at anon.lcs.mit.edu>
To: <cryptography at wasabisystems.com>
Sent: Saturday, June 23, 2001 5:40 AM
Subject: Re: crypto flaw in secure mail standards


> Derek Atkins writes:
> > The other obvious problem is that although the sender's identity is
> > encoded in the message's signature (as well as the time the signature
> > is purported to be made), the original intended recipients are not
> > encoded within the signed portion of the message.  The simple fix
> > would be to include the appropriate mail headers within the signed
> > portion of the message.  In particular, including the 'To' and 'Cc'
> > fields would immediately protect against both of these attacks.
>
> That's right, and maybe some other mail headers ought to be included too.
> We've all seen messages where the Subject header determines the context
> of the message.  Imagine that Alice sends a message with "Subject: Milk
> spoils if left out too long" and the body says, "... and I've seen it
> happen, too."  Then she sends that signed, and some mischievous person
> changes it to "Subject: The boss wears women's underwear" and we have
> a signed message from Alice saying "... and I've seen it happen, too."
> Poor Alice, she can't catch a break.




---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
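The two attacks discussed in the quoted replies (re-addressing a signed message to recipients Alice never chose, and swapping the Subject so the body reads in a new context) come down to one question: which bytes does the signature cover? The following is an added example, not code from the thread or from any mail standard. It models a body-only signature beside one that also covers From, To, Cc and Subject, and checks whether each tampering survives verification. A keyed HMAC with a constructed key stands in for Alice's public-key signature so the script runs on the standard library alone; the header canonicalization (lowercased names, collapsed whitespace, absent headers encoded as empty) is an assumption of this example, chosen so that ordinary relay rewrites do not break verification while any added or replaced covered header does.

```python
import hashlib
import hmac

# Headers the quoted replies argue must sit under the signature: the
# intended recipients (To, Cc), the sender, and the context-setting Subject.
SIGNED_HEADERS = ("From", "To", "Cc", "Subject")

# Constructed key. A keyed MAC stands in for Alice's signing key so the
# example runs offline; what is being shown is the *coverage* of the
# signature, not the signature algorithm.
ALICE_KEY = b"alice-signing-key (constructed for this example)"


def canonical_bytes(headers, body, covered):
    """Serialize the covered headers plus the body into the bytes to sign.

    Header names are lowercased and values are whitespace-collapsed so that
    trivial transport rewrites do not break verification.  A covered header
    that is absent is encoded with an empty value, so adding it later
    (e.g. a new Cc) changes the signed bytes and is detected.
    """
    lines = []
    for name in covered:
        value = headers.get(name, "")
        lines.append(f"{name.lower()}:{' '.join(value.split())}")
    lines.append("")                       # blank line separates headers from body
    lines.append(body.replace("\r\n", "\n"))
    return "\n".join(lines).encode("utf-8")


def sign(key, headers, body, covered=()):
    """Sign the body plus every header named in `covered` (none by default)."""
    return hmac.new(key, canonical_bytes(headers, body, covered), hashlib.sha256).hexdigest()


def verify(key, headers, body, signature, covered=()):
    """Recompute the signature over the same coverage and compare in constant time."""
    expected = hmac.new(key, canonical_bytes(headers, body, covered), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, signature)


# Alice's original message, constructed from the quoted reply's example.
ALICE_HEADERS = {
    "From": "alice@example.org",
    "To": "bob@example.org",
    "Subject": "Milk spoils if left out too long",
}
ALICE_BODY = "... and I've seen it happen, too.\n"


def tamper(headers, **changes):
    """Return a copy of the header block with the attacker's edits applied."""
    forged = dict(headers)
    forged.update(changes)
    return forged


def subject_swap_survives(covered):
    """True if the Subject swap from the quoted reply still verifies.

    `covered` is the tuple of headers the signature protects; the empty
    tuple models a body-only signature, under which nothing stops the edit.
    """
    sig = sign(ALICE_KEY, ALICE_HEADERS, ALICE_BODY, covered)
    forged = tamper(ALICE_HEADERS, Subject="The boss wears women's underwear")
    return verify(ALICE_KEY, forged, ALICE_BODY, sig, covered)


def readdress_survives(covered):
    """Same check for forwarding the signed message to recipients Alice never chose."""
    sig = sign(ALICE_KEY, ALICE_HEADERS, ALICE_BODY, covered)
    forged = tamper(ALICE_HEADERS, To="carol@example.org", Cc="mallory@example.org")
    return verify(ALICE_KEY, forged, ALICE_BODY, sig, covered)


if __name__ == "__main__":
    print("body-only signature,  Subject swap verifies:", subject_swap_survives(()))
    print("headers covered,      Subject swap verifies:", subject_swap_survives(SIGNED_HEADERS))
    print("body-only signature,  re-addressing verifies:", readdress_survives(()))
    print("headers covered,      re-addressing verifies:", readdress_survives(SIGNED_HEADERS))
```

With a body-only signature both edits verify, which is the flaw the thread describes; once To, Cc and Subject are inside the signed bytes, both fail verification while Alice's untouched message still passes. Two caveats a practitioner would want: the verifier must learn which headers were covered from the signed data itself (here it is fixed by convention), or an attacker simply claims a smaller coverage; and the choice of canonicalization decides how much relay rewriting is tolerated versus how much an attacker can change unnoticed, so it needs to be pinned down as carefully as the list of headers.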