crypto flaw in secure mail standards
Peter Fairbrother
peter.fairbrother at ntlworld.com
Sun Jun 24 18:08:57 EDT 2001
A standard business letter has "From:" and "To:" addresses. It has a date.
It has a "Dear:", showing also (perhaps) who it is for. It has a "Yours:"
showing (perhaps) a relationship between the correspondents. It has a typed
name showing whose name it is sent in, and it has a signature which
authenticates _all_ of these.
It has these things because long experience shows that it needs them,
experience gained from disputes and court cases.
An electronic business letter should have the same things. "Dear:" has gone
by the boards in email, to my personal regret, but there is no excuse for
allowing e-mail without the "to" address being authenticated by the
signature. It is an elementary failure of protocol design.
-- Peter
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list