
Re: Only accepting e-mail from known parties

I think the underlying problem is that the way PGP signatures are used by most
people, they validate a text, but allow it to be quoted out of context in an
e-mail or Usenet forgery. E.g., suppose Alice posts a PGP-signed text in
alt.sex. Bob forges a Usenet article in misc.kids, making it look like it came
from Alice and quoting her PGP-signed body. Alice will have a tough time
convincing the public that she didn't post it -- after all, her signature
verifies. (There are many people on the net who don't comprehend the
argument that the Path: is clearly bogus). Or: Bob writes Alice a sexually
explicit letter and forgets to say "Dear Alice" in the signed block. Alice
forges an e-mail to Carol, making it look like it came from Bob and quoting
the signed block. Bob would have to rely on the analysis of Received:
headers to repudiate such a forgery.

I suggest to the kind folks working on PGP 3 that there should be a standard
protocol to include within the signed portion the information on when and for
whom this text is written: i.e. the list of e-mail recipients and/or Usenet
newsgroups, which could be easily compared with the RFC 822/1036 headers of
an e-mail/Usenet article. Perhaps there could be a new option for PGP to look
_outside_ the signed block and match the headers with what's inside the
block. E.g., suppose the signature block says: this text was written by
[email protected], posted to alt.sex and alt.sex.banal and e-mailed to
[email protected]. Suppose PGP is asked to check the signature in a file that
purports to be an e-mail or a Usenet article and has some headers before the
signed portion. If there is a list of To: recipients, and it includes someone
other than the recipients listed within the signed block; or if there is
a Newsgroups: header, and it includes newsgroups not listed within the signed
portion; then the input is bogus. For compatibility with the existing
software, if the signed block doesn't include this info, then this checking
shouldn't be done, of course.

(Yes, one could do this with a wrapper to PGP, making the whole thing even
more user-hostile.)

---

Dr. Dimitri Vulis ([email protected])
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps