Bugtraq mailing list archives
Re: crypto flaw in secure mail standards
From: Jim Halfpenny <jim () openanswers co uk>
Date: Mon, 25 Jun 2001 09:59:27 +0100 (BST)
Yes - An expert witness should (and presumably would) reduce the document to just its signed portion and say "this, and only this, is what Alice signed; there is no evidence who sent this where, as that was done after the document was signed"
Does this then suggest there is a potential abuse of trust vulnerability if digital signatures are used to provide non-repudiation in such transactions? If you digitally sign a message with a signature stamped at a significantly earlier date, you could use this as a defense to reduce the integrity of the signature. Establishing reasonable doubt could drastically alter the outcome of a legal hearing, especially if the original message was deliberately made vague, insofar as the intended recipient is ambiguous, so as to make this form of attack seem plausible.

Cheers,
Jim Halfpenny