Technical challenge, or am I missing something...

[cmerkel at gmail.com (Chris Merkel)]

If you want that level of certainty, Alice and Bob have to agree to
use the same mail server, operated by an independent 3rd party who has
equal financial stake in both parties.

Or, you can do what everyone does with PITAs - BCC the boss.

- Chris Merkel

On Tue, Oct 13, 2009 at 1:37 PM, Soft Reset <softreset64738 at gmail.com> wrote:
> Ok, something to (hopefully) challenge you with:
>
> I often send email digitally signed so that receivers can not modify the
> message and claim I wrote it (the modified version).? However, if I do that,
> what is stopping the receiver from claiming "they never got it" and I'm
> falsifying the email in the first place?? If I include the date in the
> signed message, they can still claim I put *any* date I wanted in there.
>
> For clarity, consider this scenario:
>
> Dan writes and signs the following message and sends it to Tracy on Jan 1,
> 2009:
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> Hash: SHA1
>
> Hello Tracy, today is January 1, 2009
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (GNU/Linux)
>
> iEYEARECAAYFAkoOqzMACgkQ3GktKdDXU7up4QCglGa6gjD8MX3Gytushc65cVkA
> IJkAniZ3hQ1WyC0SbecPJRKY9xeSsHTA
> =KqXV
> -----END PGP SIGNATURE-----
>
> Dan then tells the boss, "I sent the email to Tracy."
>
> Tracy claims, "I never got any such email.? He probably just made the email,
> faked the date and then signed it to make it look legit.? He's lying!"
>
>
> ====================
>
> Assuming the mail server administrators have no sense of logging or
> auditing, what can Dan do to provide "proof" of sending?
>
> Thanks again everyone!
>
> --SR6
>
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com



-- 
- Chris Merkel