
Re: [FYI] (Fwd) crypto flaw in secure mail standards



On Sat 2001-06-23 (10:10), Axel H Horns wrote:
>   * Bob waits until Alice has a new deal in the works
>     with Charlie;
>   * Bob can abuse the secure e-mail protocol to re-encrypt
>     and resend Alice's message to Charlie;
>   * When Charlie receives Alice's message, he'll believe
>     that the mail-security features guarantee that Alice
>     sent the message to Charlie.
>   * Charlie abandons his deal with Alice.

As the abstract itself also notes, Sign&Encrypt as a rule does not
establish any link between the sender (Sign) and the addressee
(Encrypt), and the header is not protected.  If each of Alice's mails
contains a letterhead (or something similar that makes the addressee
identifiable) in the body, the problem does not arise.

-- 
MfG/best regards, helmut springer           "Freedom's just another word
                                             for nothing left to lose"
                                             27 days to go...
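
The point made in the reply above, as an added example that is not part of the original mail: a recipient-side check that a validly signed body also names the recipient in a signed letterhead line. The toy RSA key, the `To:` letterhead convention, the function names and the sample addresses are assumptions made for illustration; the encryption layer is left out because it adds no binding to the sender.

```python
import hashlib

# Toy RSA key for Alice (constructed: two Mersenne primes, far too small for real use).
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))

def _digest(body: str) -> int:
    return int.from_bytes(hashlib.sha256(body.encode()).digest(), "big") % N

def sign(body: str) -> int:
    """Alice signs the body only; mail headers are outside the signature."""
    return pow(_digest(body), D, N)

def signature_ok(body: str, sig: int) -> bool:
    return pow(sig, E, N) == _digest(body)

def signed_addressee(body: str):
    """Return the addressee named in the body's letterhead line, if any."""
    first = body.splitlines()[0] if body else ""
    if first.lower().startswith("to:"):
        return first[3:].strip().lower()
    return None

def accept(me: str, body: str, sig: int) -> str:
    """Recipient-side decision after decryption (hypothetical policy)."""
    if not signature_ok(body, sig):
        return "bad-signature"
    named = signed_addressee(body)
    if named is None:
        return "unbound"  # valid signature, but nothing ties the text to me
    return "ok" if named == me.lower() else "wrong-addressee"

# Constructed sample messages: one without and one with a signed letterhead.
PLAIN = "The deal is off."
BOUND = "To: bob@example.org\n\nThe deal is off."

if __name__ == "__main__":
    for me in ("bob@example.org", "charlie@example.org"):
        print(me, accept(me, PLAIN, sign(PLAIN)), accept(me, BOUND, sign(BOUND)))
```

Because the letterhead is inside the signed body, changing it to another addressee invalidates the signature, which the unprotected mail header cannot offer.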