Erik:

On Mon, 25 Dec 1995, Eric Murray wrote:
On Mon, 25 Dec 1995, Dr. Dimitri Vulis wrote:
Ok. If I want to get my email ad for the Ronco turnip-twaddler past a filter like that, all I need to do is to create a PGP key with a user name that's the same as one that the victim already receives.
i.e. if I know that joe@blort.com exchanges email with phred@none.net, then I just create a PGP key with the name "phred@none.net", and sign the turnip-twaddler ad with that. It'd have a valid signature, and one coming from Joe's friend phred. Mail accepted.
But will the signature match that of phred@none.net's PGP key? I doubt it.
In addition to checking for a valid signature, the filtering software would have to also check the PGP key id of the key used. It would
To check a signature, you need the public key the signature was created with. You already have phred@none.net's public key on your keyring. If that key does not demonstrate an authentic signature for the message, then the message is a fake. Now, if you assume that your keyring has been compromised, then you can also check the signatures of who signed the keys. At a minimum, your signature should be on the authentic key. If it is missing, then you can place the message in a "suspected to be forged bin", or just send it to dev/null, unread.
also need to make sure that there is ONLY PGP-signed content in the mail. Otherwise Mallet could grab an innocuous mail message that
I hadn't thought of that, but here is one solution. Run a perl script that automatically deletes everything that is not signed by pgp, with the exception of the date, the sender, and the subject line.
I'm sure there's other caveats, these are just the ones I can think of now.
Let's figure out some more threat models. And how to counter them. Man in the middle --- he has your public key, joe@none.net's public key, and access to both your public ring, and joe@none.net public ring. I don't know how to counter this one using filters with perl --- yet.

xan
jonathon
grafolog@netcom.com

****************************************************************
Opinions represented are not necessarily mine. OTOH, they are not
representations of any organization I am affiliated with, either.
WebPage: ftp://ftp.netcom.com/gr/graphology/home.html
For a good prime, call 391581 * 2^216193 - 1
**********************************************************************
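
Added example, not part of the original post: a sketch of the filter decision discussed in this thread, where a valid signature only counts if it comes from the key already pinned for that sender, and only the Date, From and Subject headers survive alongside the signed text. It assumes the filter reads GnuPG's --status-fd output (the thread predates GnuPG); the pin table, fingerprints and status lines are constructed, and the function names are hypothetical.

```python
from email.utils import parseaddr

# Constructed pin table: sender address -> fingerprint of the key you checked
# out of band. The user ID on a key is self-asserted, so it is never consulted.
PINNED = {"phred@none.net": "1" * 40}
KEEP = ("date", "from", "subject")  # the only unsigned headers let through

def signer_fingerprint(status):
    """Primary-key fingerprint from gpg --status-fd text, or None if unusable."""
    fpr = None
    for line in status.splitlines():
        f = line.split()
        if len(f) < 3 or f[0] != "[GNUPG:]":
            continue
        if f[1] in ("BADSIG", "ERRSIG", "EXPKEYSIG", "REVKEYSIG"):
            return None
        if f[1] == "VALIDSIG":
            # Field 11 is the primary key fingerprint; field 2 the signing key.
            fpr = f[11] if len(f) >= 12 else f[2]
    return fpr

def classify(from_header, status, pinned=PINNED):
    """'accept', 'suspect' (the suspected-forgery bin) or 'reject'."""
    sender = parseaddr(from_header)[1].lower()
    fpr = signer_fingerprint(status)
    if fpr is None:
        return "reject"            # unsigned, or the signature did not verify
    if pinned.get(sender) != fpr:
        return "suspect"           # valid signature, but not the pinned key
    return "accept"

def filtered_view(headers, signed_text):
    """Keep Date/From/Subject plus only the text the signature covered."""
    kept = [f"{k}: {v}" for k, v in headers if k.lower() in KEEP]
    return "\n".join(kept) + "\n\n" + signed_text

def _status(fpr, uid):
    # Constructed sample in GnuPG status format.
    return (f"[GNUPG:] GOODSIG {fpr[-16:]} {uid}\n"
            f"[GNUPG:] VALIDSIG {fpr} 1995-12-25 819849600 0 4 0 1 8 01 {fpr}\n")

GENUINE = _status("1" * 40, "phred@none.net")
LOOKALIKE = _status("2" * 40, "phred@none.net")  # same user ID, different key
BAD = "[GNUPG:] BADSIG 1111111111111111 phred@none.net\n"
```

The look-alike key produces a GOODSIG line carrying phred's name, which is why the decision is made on the fingerprint alone.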