The presented attacks look like a hybrid of the replay and man-in-the-middle attacks known for years. I do agree that the problems are real and I am looking forward to reading your paper.

Let me fantasize as to how this can be solved in PGP. One can include the key id of the intended recipient in the signed portion of the message. This will clearly state the intended recipient. Below I also propose user-level solutions to the problems.

On Fri, Jun 22, 2001 at 10:15:03AM -0500, Don Davis wrote:

> Suppose Alice and Bob are business partners, and are setting
> up a deal together. Suppose Alice decides to call off the
> deal, so she sends Bob a secure-mail message: "The deal is off."

It is very unlikely that Alice won't include a salutation along the lines of "Dear Bob", which makes the message not very suitable for Charlie. Moreover, doesn't the PGP signature include a timestamp? (Whether or not it is part of the signed message is the question I don't know the answer to.)

> Suppose instead that Alice & Bob are coworkers. Alice uses
> secure e-mail to send Bob her sensitive company-internal
> sales plan. Bob decides to get his rival Alice fired:

In this case I'm afraid Alice will have to be more careful and not sign the documents she doesn't have to. Why would she send a signed internal memo?

Thanks,
Greg
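The exchange Greg proposes fixing, as an added example that is not part of the original message or of PGP: Alice signs and then encrypts to Bob, Bob strips his encryption layer and re-encrypts Alice's still-valid signed blob to Charlie, and Charlie's client either accepts it (no recipient binding) or rejects it because the key id inside the signed portion names Bob. The key ids "alice", "bob" and "charlie", the toy keyring, and the use of HMAC-SHA256 as a stand-in for a public-key signature and a SHA-256 keystream as a stand-in for public-key encryption are all assumptions made so the structure can be shown offline; only the message layout and the receiver's check are the point.

```python
import hashlib
import hmac
import json
import secrets

# Constructed toy keyring (hypothetical key ids). Real PGP uses asymmetric
# keypairs; an HMAC key stands in for each signing key and a symmetric key
# for each encryption key, purely so the message structure runs offline.
SIGNING_KEYS = {"alice": b"alice-signing-key", "bob": b"bob-signing-key",
                "charlie": b"charlie-signing-key"}
ENCRYPTION_KEYS = {"alice": b"alice-encryption-key", "bob": b"bob-encryption-key",
                   "charlie": b"charlie-encryption-key"}


def sign(signer, payload):
    """Signed blob: canonical JSON of the payload plus a tag over it."""
    data = json.dumps(payload, sort_keys=True)
    tag = hmac.new(SIGNING_KEYS[signer], data.encode(), hashlib.sha256).hexdigest()
    return {"signer": signer, "signed_data": data, "sig": tag}


def verify(signed):
    """Stand-in for public-key signature verification against the claimed signer."""
    expected = hmac.new(SIGNING_KEYS[signed["signer"]],
                        signed["signed_data"].encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, signed["sig"])


def _keystream(key, n):
    out = bytearray()
    block = 0
    while len(out) < n:
        out += hashlib.sha256(key + block.to_bytes(4, "big")).digest()
        block += 1
    return bytes(out[:n])


def encrypt(recipient, plaintext):
    """Stand-in for encryption to a recipient. The outer 'to' label is not
    signed, just as the key id in a PGP encrypted-session-key packet is not."""
    nonce = secrets.token_bytes(8)
    ks = _keystream(ENCRYPTION_KEYS[recipient] + nonce, len(plaintext))
    return {"to": recipient, "nonce": nonce.hex(),
            "ct": bytes(a ^ b for a, b in zip(plaintext, ks)).hex()}


def decrypt(recipient, envelope):
    nonce, ct = bytes.fromhex(envelope["nonce"]), bytes.fromhex(envelope["ct"])
    ks = _keystream(ENCRYPTION_KEYS[recipient] + nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks))


def sign_and_encrypt(sender, recipient, body, bind_recipient=True):
    """Sign first, then encrypt. With bind_recipient the intended recipient's
    key id goes INSIDE the signed portion (Greg's proposed fix)."""
    payload = {"body": body}
    if bind_recipient:
        payload["to"] = recipient
    return encrypt(recipient, json.dumps(sign(sender, payload)).encode())


def reencrypt(holder, envelope, new_recipient):
    """Surreptitious forwarding: the holder strips his own encryption layer
    and re-encrypts the still-valid signed blob to someone else."""
    return encrypt(new_recipient, decrypt(holder, envelope))


def retarget(holder, envelope, new_recipient):
    """Forwarding that also edits the signed 'to' field: the tag no longer
    matches, so the receiver must reject it."""
    signed = json.loads(decrypt(holder, envelope))
    payload = json.loads(signed["signed_data"])
    payload["to"] = new_recipient
    signed["signed_data"] = json.dumps(payload, sort_keys=True)
    return encrypt(new_recipient, json.dumps(signed).encode())


def receive(me, envelope, require_binding=True):
    """Decrypt, verify the signature, and (when require_binding) insist that
    the signed portion names me as the intended recipient."""
    signed = json.loads(decrypt(me, envelope))
    if not verify(signed):
        return "bad-signature", None
    payload = json.loads(signed["signed_data"])
    if require_binding and payload.get("to") != me:
        return "not-for-me", payload
    return "ok", payload
```

Run `receive("charlie", reencrypt("bob", sign_and_encrypt("alice", "bob", "The deal is off.", bind_recipient=False), "charlie"), require_binding=False)` to see the forwarding attack succeed, then the same with binding on both sides to see Charlie's client report "not-for-me" with the signed `to` still reading "bob". The receiver's policy has to be strict: a message whose signed portion carries no recipient at all is treated exactly like one addressed to someone else, otherwise an attacker simply uses a sender that omits the field.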
This archive was generated by hypermail 2b30 : Fri Jun 22 2001 - 19:13:55 PDT