Re: crypto flaw in secure mail standards

From: Jim Halfpenny (jimat_private)
Date: Mon Jun 25 2001 - 01:59:27 PDT

Next message: Travis Siegel: "Re: The Dangers of Allowing Users to Post Images"

Previous message: Alun Jones: "Re: SurgeFTP vulnerabilities"
In reply to: David Howe: "Re: crypto flaw in secure mail standards"
Next in thread: Riad S. Wahby: "Re: crypto flaw in secure mail standards"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>   Yes - An expert witness should (and presumably would) reduce the document
> to just its signed portion and say "this, and only this, is what Alice
> signed; there is no evidence who sent this where, as that was done after the
> document was signed"

Does this then suggest there is a potential abuse of trust vulnerability
if digital signatures are used to provide non-repudiation in such
transactions? If you digitally sign a message with a signature stamped at
a significantly earlier date, you could use this as a defense to reduce
the integrity of the signature.

Establishing reasonable doubt could drastically alter the outcome of a
legal hearing, especially if the original message was deliberately made
vague, insofar as the intended recipient is ambiguous, so as to make this
form of attack seem plausible.

Cheers,
Jim Halfpenny

Next message: Travis Siegel: "Re: The Dangers of Allowing Users to Post Images"
Previous message: Alun Jones: "Re: SurgeFTP vulnerabilities"
In reply to: David Howe: "Re: crypto flaw in secure mail standards"
Next in thread: Riad S. Wahby: "Re: crypto flaw in secure mail standards"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Jun 25 2001 - 09:02:23 PDT