On Mon, 25 Dec 1995, Dr. Dimitri Vulis wrote:
As I keep pointing out, pgp-signing the body is not enough.
You're wrong.
He's right.
You can setup Procmail to detect if something is signed with PGP, and if it is, to run a script which determines the authenticity of the signature. If the signature is not authentic, the message goes to /dev/null. That way, even if Carol is using intercepted messages from Bob, Carol's messages won't be accepted or seen.
Ok. If I want to get my email ad for the Ronco turnip-twaddler past a filter like that, all I need to do is to create a PGP key with a user name that's the same as one that the victim already receives. i.e. if I know that joe@blort.com exchanges email with phred@none.net, then I just create a PGP key with the name "phred@none.net", and sign the turnip-twaddler ad with that. It'd have a valid signature, and one coming from Joe's friend phred. Mail accepted. In addition to checking for a valid signature, the filtering software would have to also check the PGP key id of the key used. It would also need to make sure that there is ONLY PGP-signed content in the mail. Otherwise Mallet could grab an innocuous mail message that Phred signed and included it at the bottom of the turnip-twaddler ad. It wouldn't make sense (although that might be usual with Phred), but it'd contain a valid signature from Phred, and therefore get the ad past the filter. I'm sure there's other caveats, these are just the ones I can think of now. I wish all Cypherpunks a Merry Christmas. I hope Santa brought you all something nice, like a fast new stream cipher, a new key exchange protocol, or maybe a note from the Fedz saying that ITAR has been lifted. -- Eric Murray ericm@lne.com ericm@motorcycle.com http://www.lne.com/ericm PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03 92 E8 AC E6 7E 27 29 AF