dual-use digital signature vulnerability
Amir Herzberg
herzbea at macs.biu.ac.il
Sun Jul 18 03:33:46 EDT 2004
Anne & Lynn Wheeler wrote:
> ok, this is a long posting about what i might be able to reasonable assume
> if a digital signature verifies (posting to c.p.k newsgroup):
... skipped (it was long :-)
> the dual-use comes up when the person is 'signing" random challenges as
> purely a means of authentication w/o any requirement to read the
> contents. Given such an environment, an attack might be sending some
> valid text in lieu of random data for signature. Then the signer may
> have a repudiation defense that he hadn't signed the document (as in the
> legal sense of signing), but it must have been a dual-use attack on his
> signature (he had signed it believing it to be random data as part of an
> authentication protocol)
I don't see here any problem or attack. Indeed, there is difference
between signature in the crypto sense and legally-binding signatures.
The later are defined in one of two ways. One is by the `digital
signature` laws in different countries/states; that approach if often
problematic, since it is quite tricky to define in a general law a
binding between a person or organization and a digital signature. The
other way however is fine, imho: define the digital signature in a
(`regular`) contract between the parties. The contract defines what the
parties agree to be considered as equivalent to their (physical)
signature, with well defined interpretation and restrictions.
--
Best regards,
Amir Herzberg
Associate Professor, Computer Science Dept., Bar Ilan University
http://amirherzberg.com (information and lectures in cryptography &
security)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: herzbea.vcf
Type: text/x-vcard
Size: 303 bytes
Desc: not available
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20040718/15a3175b/attachment.vcf>
More information about the cryptography
mailing list