Bugtraq mailing list archives
Re: crypto flaw in secure mail standards
From: "David Howe" <DaveHowe () bigfoot com>
Date: Sat, 23 Jun 2001 10:57:03 +0100
"Lyal Collins" <lyalc () ozemail com au> wrote (To: "David Howe" <DaveHowe () Bigfoot com>; <bugtraq () securityfocus com>):
One significant issue is that an expert witness can cast doubt, not only on the digital signature in question, but upon _every_ digitally signed document each party received.
Yes - an expert witness should (and presumably would) reduce the document to just its signed portion and say "this, and only this, is what Alice signed; there is no evidence who sent this where, as that was done after the document was signed".

Provided the *signed* (and timestamped) portion of the message/document supports the case, there is no doubt cast. A document that clearly states exactly what Alice wanted to say, including the recipient, would only be a few characters more (not even the ID of the recipient is needed, just his name or email address).

Users find technology far too convenient; few if any of them would place a legally binding signature on a paper document containing a simple statement (such as "I agree to the terms of our contract") but many seem to believe it is ok to make digital signatures saying the same things...

What is needed is increased user awareness ("you are signing this document and it will be legally binding - are you sure it says what you want it to unambiguously?"), not technological fixes.