A weakness in PGP signatures, and a suggested solution (long)

Jiri Baum jirib at sweeney.cs.monash.edu.au
Tue Jan 16 16:52:07 PST 1996


-----BEGIN PGP SIGNED MESSAGE-----

Hello ckey2 at eng.ua.edu (Christopher R. Key)
  and cypherpunks at toad.com
 
> In article <Pine.ULT.3.91.960110182255.18692H-100000 at xdm011>, Jeffrey Goldberg <cc047 at Cranfield.ac.uk> says:
...
> First of all, if the recipient is a newsgroup, why would that particular
> information need to be part of the signed information?  If you post to a
...

Somebody already pointed out an adult message being re-posted to a kidgroup.

...
> Secondly, if you are sending email to some one and sign it using pgp, wouldn't
> that person need pgp to prove that in fact you did sign it?  Then it can be
...
> So if all that needs be done to a message to insure that the appropriate 
> person reads it is encrypt it using their public key, why does pgp (or one
> of the pgp interfaces) need to be changed to include header information?  
...

But then the recipient has a PGP-signed message from you which
isn't encrypted (using pgp -d). That person could then impersonate
you. Eg Alice the jilted lover could resend the goodbye message
with forged headers to Bob's new girlfriend to get back at him.

What a sentence. Here it is again, hopefully understandable:

Bob->Alice
  From:Bob; Encrypted(Signed("We're through",Bob),Alice)

Alice does pgp -d, leaving her with Signed("We're through",Bob)

Alice->Carol
  From:Bob; Encrypted(Signed("We're through",Bob),Carol)

Later, when Bob gets another girlfriend,

Alice->Danielle
  From:Bob; Encrypted(Signed("We're through",Bob),Danielle)

Later still,

Alice->Eve
  From:Bob; Encrypted(Signed("We're through",Bob),Eve)







More information about the cypherpunks-legacy mailing list