Re: crypto flaw in secure mail standards

[Gregory Steuck <greg () nest cx>]

The presented attacks look like a hybrid of replay and man in the middle
attacks known for years. I do agree that problems are real and I am
looking forward to reading your paper. 

Let me fatasize as to how this can be solved in PGP. One
can include the key id of the intended recepient into the signed
portion of the message. This will clearly state the intended
recipient.

Below I also propose user level solutions to the problems.

On Fri, Jun 22, 2001 at 10:15:03AM -0500, Don Davis wrote:
> Suppose Alice and Bob are business partners, and are setting
> up a deal together.  Suppose Alice decides to call off the
> deal, so she sends Bob a secure-mail message: "The deal is off."

It is very unlikely that Alice won't include a salutation
along the lines of: "Dear Bob". Which makes the message not
very suitable for Charlie. Moreover doesn't PGP signature
include a timestamp? (whether or not it is part of the signed
message is the question I don't know the answer to)

> Suppose instead that Alice & Bob are coworkers.  Alice uses
> secure e-mail to send Bob her sensitive company-internal
> sales plan.  Bob decides to get his rival Alice fired:

In this case I'm afraid Alice will have to be more careful 
and not sign the documents she doesn't have to. Why would
she send a signed internal memo?

Thanks
Greg