crypto flaw in secure mail standards

P.J. Ponder ponder at freenet.tlh.fl.us
Sun Jun 24 16:06:11 EDT 2001 

The laws I have seen are not specific enough to deal with what gets
included in a digitally signed message.  These laws define 'digital
signature' and in some cases invoke so-called trusted third parties to
issues certs, etc., but I haven't seen a law yet with the level of
detail that would require date/time, subject, to, from, etc., in a mail
message.  Most of the laws define something as being digitally signed in
general terms of public key crypto, as for example the Florida (US) law:
|
| (3)  "Digital signature" means a type of electronic signature that
| transforms a message using an asymmetric cryptosystem such that a person
| having the initial message and the signer's public key can accurately
| determine:
|
| (a)  Whether the transformation was created using the private key that
| corresponds to the signer's public key.
|
| (b)  Whether the initial message has been altered since the
| transformation was made.
|
(from section 668.003, Florida Statutes)

As others have pointed out, 'non-repudiation' is not a legal concept.

As a practical matter, if one were potentially damaged by an attack of
this type, one could argue that such a message could be resent, absent the
original context.  This could be demonstrated, experts could testify, etc.

It appears to be a problem in the protocols, but I don't see it as being a
legal problem, esp. in light of the fact that there is no such thing as
'non-repudiation' in the real world.

Seems like another good reason to use a time-stamper like the one at:

http://www.itconsult.co.uk/stamper/

--
pjp

On Sun, 24 Jun 2001, Enzo Michelangeli wrote:

> A question for legal experts on the list: Does all this pose legal risks
> within the current legal framework? In other word, do current digital
> signature laws assume that also the headers are assumed to be authenticated
> and non-repudiable if the message is digitally signed?
>
> Enzo




---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com

More information about the cryptography mailing list