crypto flaw in secure mail standards
gbroiles at well.com
Sun Jun 24 13:32:04 EDT 2001
At 09:45 AM 6/24/2001 +0800, Enzo Michelangeli wrote:
>A question for legal experts on the list: Does all this pose legal risks
>within the current legal framework? In other word, do current digital
>signature laws assume that also the headers are assumed to be authenticated
>and non-repudiable if the message is digitally signed?
The digital signature laws I've seen don't mention and don't support the
notion of "non-repudiation", which seems to be an obsession among computer
security people and a non-issue among legal people. The idea that something
is "non-repudiable" or unarguable or unavoidable is nonsense. I use it as a
clue detector - if someone talks about non-repudiation, they don't know
much about US contract law.
The attack raised - at least as it's been summarized, I haven't gotten
around to the paper yet - sounds like a good one to remember, but too
contrived to be especially dangerous in the real world today. How often do
you, or people you know, send short context-free messages to conclude
important negotiations? And how often would you rely on a digital signature
to assure you that everything was kosher if an otherwise promising deal or
negotiation suddenly turned bad? And if you thought you had grounds for a
lawsuit, wouldn't you send a message or make a phone call first, to the
effect of "I was really surprised that you ended our discussion so
abruptly. I understood our agreement to require you to continue to supply
me with widgets for the next 3 years. If you're serious about ending our
relationship early, I'm going to have to talk to my lawyer about that,
because you've put me at a serious disadvantage, now that the spot price of
widgets has gone up so much."
Sure, let's work on this and make systems better, so that signatures
include context which helps prevent misunderstanding or active attack. But
the sky isn't falling - this attack is a nuisance, becuase it makes its
victims spend a few hours on the phone ironing out a misunderstanding - and
it's not at all likely to lead to serious lawsuits.
I just ran across Jon Callas' earlier message in this thread and think he's
right on the money. Don't sign tiny no-context messages. Don't get
distracted by the cartoonish fantasy of non-repudiation.
gbroiles at well.com
"Organized crime is the price we pay for organization." -- Raymond Chandler
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography