[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: A weakness in PGP signatures, and a suggested solution (long)



In article <[email protected]>, [email protected] (Dr.
Dimitri Vulis) wrote:

>I've been engaged in a lively debate with a few members of the cypherpunks
>mailing list about forgeries that are hard to repudiate even if PGP signatures
>are used. One of the participants suggested that I post a summary to
>alt.privacy.pgp and sci.crypt, which is just what I'm doing.

<long comment that signed messages don't include the headers, omitted>

Although I do not disagree with the poster, and it may be useful to
include headers in the encryption (though care must be taken in verifying
them if the routing process adds anything), the lesson here is really a
different and important one than the writer's idea of encrypting headers.

It is that signed messages en clair are a)unencrypted to a specific
recipient, b) anyone may "validate" such a message, and c) "BEGIN PGP
SIGNED MESSAGE" and
"END PGP SIGNATURE" mean exactly what they say--only the delimited matter
is authenticated. Thus if one is writing to Carol to break off a
relationship, one had better include "Dear Carol" in the message text, and
if you are in relationship with more than one Carol, or expect to be, the
date and other particularizing info as well.

By the way, if Bob is sending unencrypted e-mail to Carol about the
details of their relationship for reasons other than public witness, he
has more than spoofed headers to worry about. It's his own head, er, that
needs scrutiny. :-)

David