>In fact, every secure e-mail
>protocol, old and new, has codified na´ve Sign & Encrypt
>as acceptable security practice.  S/MIME, PKCS#7, PGP,
>OpenPGP, PEM, and MOSS all suffer from this flaw.

Actually, that's not true. The encrypted and signed email
functionality contained in Lotus Notes encrypts only body
fields and attachments, but signs the To:, From:, CC:,
Subject:, and TimeSent fields as well. And Lotus Notes predates
most if not all of the "standard" protocols.

I wouldn't call this a cryptographic flaw. I'd call it a flaw
in cryptographic engineering. And it's not a flaw borne out of
ignorance. The designers of the standard protocols knew about
the problem (I was there for some of them), but didn't think
their proposed standard would be acceptable if it "committed
layer violations" by extending signature coverage to data not
contained in their "layer". This is a classic example of
something a competent engineer can get right, but which a suite
of committees can't.

           --Charlie Kaufman
           ([EMAIL PROTECTED])

p.s. Ironically, Lotus Notes is transitioning from its
proprietary email format to S/MIME and trying to figure out how
to make it clear to customers that when they use the new
format, they don't get the protection they may have gotten used

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to