crypto flaw in secure mail standards

Greg Broiles gbroiles at well.com
Sun Jun 24 13:32:04 EDT 2001


At 09:45 AM 6/24/2001 +0800, Enzo Michelangeli wrote:

>A question for legal experts on the list: Does all this pose legal risks
>within the current legal framework? In other word, do current digital
>signature laws assume that also the headers are assumed to be authenticated
>and non-repudiable if the message is digitally signed?

The digital signature laws I've seen don't mention and don't support the 
notion of "non-repudiation", which seems to be an obsession among computer 
security people and a non-issue among legal people. The idea that something 
is "non-repudiable" or unarguable or unavoidable is nonsense. I use it as a 
clue detector - if someone talks about non-repudiation, they don't know 
much about US contract law.

The attack raised - at least as it's been summarized, I haven't gotten 
around to the paper yet - sounds like a good one to remember, but too 
contrived to be especially dangerous in the real world today. How often do 
you, or people you know, send short context-free messages to conclude 
important negotiations? And how often would you rely on a digital signature 
to assure you that everything was kosher if an otherwise promising deal or 
negotiation suddenly turned bad? And if you thought you had grounds for a 
lawsuit, wouldn't you send a message or make a phone call first, to the 
effect of "I was really surprised that you ended our discussion so 
abruptly. I understood our agreement to require you to continue to supply 
me with widgets for the next 3 years. If you're serious about ending our 
relationship early, I'm going to have to talk to my lawyer about that, 
because you've put me at a serious disadvantage, now that the spot price of 
widgets has gone up so much."

Sure, let's work on this and make systems better, so that signatures 
include context which helps prevent misunderstanding or active attack. But 
the sky isn't falling - this attack is a nuisance, becuase it makes its 
victims spend a few hours on the phone ironing out a misunderstanding - and 
it's not at all likely to lead to serious lawsuits.

I just ran across Jon Callas' earlier message in this thread and think he's 
right on the money. Don't sign tiny no-context messages. Don't get 
distracted by the cartoonish fantasy of non-repudiation.


--
Greg Broiles
gbroiles at well.com
"Organized crime is the price we pay for organization." -- Raymond Chandler




---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com




More information about the cryptography mailing list