-----BEGIN PGP SIGNED MESSAGE-----

[I am posting this to exactly the same groups that the original was posted to. If someone feels that the distribution should be more limited please restrict the follow-ups. I have also mailed a copy to the original poster.]

On Wed, 27 Dec 1995, Dr. Dimitri Vulis wrote:
Bob once sent Carol an e-mail that looked like this:
-----------------------------------------------------------------------
From: Bob@boxb
To: Carol@boxc
Date: 25 Dec 1965
Subject: Carol, we're history
Message-ID: <111@boxb>
----BEGIN PGP SIGNED MESSAGE----
I no longer wish to go out with you. Merry Christmas!
----BEGIN PGP SIGNATURE----
Version 2.6.2
12341234...
----END PGP SIGNATURE----
-----------------------------------------------------------------------
Carol can forge an e-mail to Alice that looks like this:
-----------------------------------------------------------------------
From: Bob@boxb
To: Alice@boxa
Date: 25 Dec 1995
Subject: Alice, we're history
Message-ID: <222@bobb>
----BEGIN PGP SIGNED MESSAGE----
I no longer wish to go out with you. Merry Christmas!
----BEGIN PGP SIGNATURE----
Version 2.6.2
12341234...
----END PGP SIGNATURE----
I have omitted the other scenarios for reasons of space. All of them are based on the fact that information about the intended recipient (including newsgroup) is not part of the information signed. A proposal is made for a mechanism to have some header information signed as well.

I don't think that such a thing needs to be built into pgp, but it might be included in pgp/MUA interfaces.

I also think that the crucial lesson here is to take the analogy to signature on paper more seriously. Imagine that paper documents were reproducible in a way that made the original indistinguishable from copies. Under such circumstances you would never sign something like:

  I agree to give you my house plus $30,000 in exchange for your house.
  (signature)

For the same reasons that you would never sign something like that (without specifying the individuals and the properties in question), you shouldn't sign an electronic document when the interpretation of the document is a function of whose hands it's in. Just as with a paper document you would never rely on its interpretation depending on the name on the envelope, you shouldn't rely on the headers.

As for the recipient, the signature determines responsibility for the signed portion, but not for the act of sending the document. The only difference between paper and E-docs is that with paper there is a distinction between the original and copies.

The lesson is not so much that we should change pgp, but that we should pay very careful attention to what we sign.

- -jeff

Jeffrey Goldberg                          +44 (0)1234 750 111 x 2826
Cranfield Computer Centre                 FAX 751 814
J.Goldberg@Cranfield.ac.uk
http://WWW.Cranfield.ac.uk/public/cc/cc047/
"An `alternative paradigm' is the first refuge of the incompetent" --LM

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Processed by mkpgp, a Pine/PGP interface.
iQCVAgUBMPQNUBu6nIqxqP+5AQGHxgQAunhff6dV0eCXuVe6w+t0KWELlfjx3Iu4
SrKKo/DB+yWYDn+UVsFPyqvG64qmBxSaLLT95S3rbJEPklpRteN2+8Z94O5PxvL4
Q0OfGSX7oPN2Hwl3hkbjhwLWMpogcxfg6yle1SsqMCTMj3t8RAdmWD8DAQ9fEVzK
JdSdEXoc37s=
=21Kt
-----END PGP SIGNATURE-----
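The re-addressing scenario quoted above, and the header-binding fix the reply discusses, as an added worked example that is not part of the original post or of PGP. It uses Go's standard-library Ed25519 in place of PGP/RSA, since the point is only what bytes the signature covers. It signs Bob's message to Carol twice: once over the body alone (what clearsigning covers) and once over a canonical form that also includes From, To, Date, Subject and Message-ID. The header set, the lowercase/one-per-line canonical layout, and the function names are assumptions made for this example; the message values are the constructed ones from the quoted exchange.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
	"strings"
)

// Message is a minimal e-mail: a few headers plus a body.
type Message struct {
	From, To, Date, Subject, MessageID, Body string
}

// bodyOnly returns the bytes a clearsign-style signature covers: the body and
// nothing else. Every header is outside the signature.
func bodyOnly(m Message) []byte { return []byte(m.Body) }

// headersAndBody is an assumed canonical form that binds the recipient, date,
// subject and message-id into the signed bytes. Header names are lowercased
// and emitted one per line so that sender and verifier build identical input.
func headersAndBody(m Message) []byte {
	var b strings.Builder
	fmt.Fprintf(&b, "from:%s\n", strings.ToLower(m.From))
	fmt.Fprintf(&b, "to:%s\n", strings.ToLower(m.To))
	fmt.Fprintf(&b, "date:%s\n", m.Date)
	fmt.Fprintf(&b, "subject:%s\n", m.Subject)
	fmt.Fprintf(&b, "message-id:%s\n", m.MessageID)
	b.WriteString("\n")
	b.WriteString(m.Body)
	return []byte(b.String())
}

// Result records whether each signature verifies on the original message and
// on the re-addressed copy.
type Result struct {
	OriginalBodyOnly, OriginalBound bool
	ForgedBodyOnly, ForgedBound     bool
}

// Scenario plays out the quoted exchange: Bob signs a message to Carol, Carol
// keeps the signature and changes only the headers so it appears addressed to
// Alice, and Alice verifies. A fresh key pair stands in for Bob's PGP key.
func Scenario() (Result, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Result{}, err
	}

	// Constructed values taken from the quoted messages.
	original := Message{
		From:      "Bob@boxb",
		To:        "Carol@boxc",
		Date:      "25 Dec 1965",
		Subject:   "Carol, we're history",
		MessageID: "<111@boxb>",
		Body:      "I no longer wish to go out with you. Merry Christmas!\n",
	}
	forged := original // body untouched, headers rewritten
	forged.To = "Alice@boxa"
	forged.Date = "25 Dec 1995"
	forged.Subject = "Alice, we're history"
	forged.MessageID = "<222@bobb>"

	sigBody := ed25519.Sign(priv, bodyOnly(original))
	sigBound := ed25519.Sign(priv, headersAndBody(original))

	return Result{
		OriginalBodyOnly: ed25519.Verify(pub, bodyOnly(original), sigBody),
		OriginalBound:    ed25519.Verify(pub, headersAndBody(original), sigBound),
		ForgedBodyOnly:   ed25519.Verify(pub, bodyOnly(forged), sigBody),
		ForgedBound:      ed25519.Verify(pub, headersAndBody(forged), sigBound),
	}, nil
}

func main() {
	r, err := Scenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("original to Carol: body-only=%v header-bound=%v\n", r.OriginalBodyOnly, r.OriginalBound)
	fmt.Printf("re-addressed to Alice: body-only=%v header-bound=%v\n", r.ForgedBodyOnly, r.ForgedBound)
}
```

The body-only signature verifies on both copies, which is exactly why the headers cannot be trusted: nothing in the signed bytes says who the message was for. The header-bound signature still verifies on the genuine message but fails on the re-addressed one, because changing To, Date, Subject or Message-ID changes the signed input. The same effect can be had without any change to pgp by writing the intended recipient into the body before signing, which is the "pay very careful attention to what we sign" point made above.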