The right way to send encrypted mail is to
create a mail message, encrypt it headers and all, and include that in a
mail message of type multipart/alternative, with the alternative being a
text message saying 'this mail is encrypted'.
Ned Freed suggested something along these lines on the
Forward secrecy is arguably a more important property of mail to have than
authentication, and is much easier to build properly, since it doesn't get
into the issues of identity. Unfortunately, none of the current mail
standards support it at all.
A (very-slow-moving) Internet draft that I've
Enzo Michelangeli wrote:
- Original Message -
From: Greg Broiles [EMAIL PROTECTED]
To: Enzo Michelangeli [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Monday, June 25, 2001 1:32 AM
Subject: Re: crypto flaw in secure mail standards
[...]
The digital signature laws I've seen don't
The digital signature laws I've seen don't mention and don't support
the notion of non-repudiation, which seems to be an obsession
among computer security people and a non-issue among legal
people. The idea that something is non-repudiable or unarguable or
unavoidable is
In fact, every secure e-mail
protocol, old and new, has codified naïve Sign Encrypt
as acceptable security practice. S/MIME, PKCS#7, PGP,
OpenPGP, PEM, and MOSS all suffer from this flaw.
Actually, that's not true. The encrypted and signed email
functionality contained in Lotus Notes encrypts
I'm not hep to the identification scheme literature, but I'll just a note
that in Dimitrios's scheme, Alice can't just sign the challenge, but must
also include Dave's signature in her signature. That is, Alice must sign all
of {S_dave(challenge), challenge}, not just the challenge by itself.
At 10:32 AM -0700 6/24/01, Greg Broiles wrote:
The attack raised - at least as it's been summarized, I haven't gotten
around to the paper yet - sounds like a good one to remember, but too
contrived to be especially dangerous in the real world today. How often do
you, or people you know, send