Check out confoo. If the email is HTML you can create collisions in the MD5 version of gpg for signatures.
http://www.doxpara.com/research/md5/*confoo*.*pl* On Tue, Oct 13, 2009 at 7:42 PM, Vincent Lape <[email protected]> wrote: > For electronic sigs i use USPS EPM (US Post Office Electronic > Postmark). Its pretty easy to configure and is not all that expensive. > You do have to pay per sig (kinda like buying a stamp) however you can > see a history of the "signatures" purchased. You can get over the > whole "he faked the date" thing because the signature includes date > and time the signature was applied. > > take a peek at http://www.usps.com/electronicpostmark/welcome.htm and > http://office.microsoft.com/en-us/help/HA010971711033.aspx > > Hope this helps > On Oct 13, 2009, at 11:37 AM, Soft Reset wrote: > > > Ok, something to (hopefully) challenge you with: > > > > I often send email digitally signed so that receivers can not modify > > the message and claim I wrote it (the modified version). However, > > if I do that, what is stopping the receiver from claiming "they > > never got it" and I'm falsifying the email in the first place? If I > > include the date in the signed message, they can still claim I put > > *any* date I wanted in there. > > > > For clarity, consider this scenario: > > > > Dan writes and signs the following message and sends it to Tracy on > > Jan 1, 2009: > > > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > Hello Tracy, today is January 1, 2009 > > -----BEGIN PGP SIGNATURE----- > > Version: GnuPG v1.4.9 (GNU/Linux) > > > > iEYEARECAAYFAkoOqzMACgkQ3GktKdDXU7up4QCglGa6gjD8MX3Gytushc65cVkA > > IJkAniZ3hQ1WyC0SbecPJRKY9xeSsHTA > > =KqXV > > -----END PGP SIGNATURE----- > > > > Dan then tells the boss, "I sent the email to Tracy." > > > > Tracy claims, "I never got any such email. He probably just made > > the email, faked the date and then signed it to make it look legit. > > He's lying!" > > > > > > ==================== > > > > Assuming the mail server administrators have no sense of logging or > > auditing, what can Dan do to provide "proof" of sending? > > > > Thanks again everyone! > > > > --SR6 > > _______________________________________________ > > Pauldotcom mailing list > > [email protected] > > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > > Main Web Site: http://pauldotcom.com > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com >
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
