If I was a nasty CA (like from a rival company) one of the things I can
do is to change the certificates on any PEM messages and thus can
change the attribution of the PEM message.

Since I know the public key used to sign a message, I can generate a new
certificate that has that public key. I just copy over the MIC and the
message body intact and that's it...

The fix to the PEM protocol is easy and also touches on one of the areas
that I think the PEM specs are wrong.

The fix.

PEM should transport RFC822 messages and not just the RFC822 message body. If
you have 822 headers then it is easy to insert an extra Originator-Id header
into them BEFORE the message is signed. A nasty CA cannot now get away
with changing the Certs since the Originator ID in the message headers is
now covered by the MIC. With a full RFC822 message, you can now cleanly
interface to MIME because you can PEM a MIME message and have the MIME
headers in the Header part of the 822 message and not extracted into the
envelope headers.
Pete.
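
The certificate swap and the proposed fix from the message above, as an added example that is not part of the original post. It assumes a toy textbook RSA key built from known primes, a header literally named `Originator-ID`, and constructed names and message text; none of this is code from the PEM specifications.

```python
import hashlib

# Toy textbook RSA from two Mersenne primes (constructed; no padding, not secure).
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))

def mic(data: bytes) -> int:
    """Signed digest (MIC) over exactly the bytes given."""
    return pow(int.from_bytes(hashlib.sha256(data).digest(), "big"), D, N)

def mic_ok(data: bytes, sig: int, cert: dict) -> bool:
    e, n = cert["pubkey"]
    return pow(sig, e, n) == int.from_bytes(hashlib.sha256(data).digest(), "big")

def verify_body_only(body, sig, cert):
    """MIC covers the body only: attribution comes from the attached certificate."""
    return cert["subject"] if mic_ok(body, sig, cert) else None

def sign_full_message(originator_id, body):
    """Proposed fix: insert the Originator-ID header BEFORE computing the MIC."""
    msg = b"Originator-ID: " + originator_id.encode() + b"\r\n\r\n" + body
    return msg, mic(msg)

def verify_full_message(msg, sig, cert):
    """Accept only if the signed Originator-ID matches the certificate subject."""
    if not mic_ok(msg, sig, cert):
        return None
    headers, _, _ = msg.partition(b"\r\n\r\n")
    signed_id = None
    for line in headers.split(b"\r\n"):
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"originator-id":
            signed_id = value.strip().decode()
    return signed_id if signed_id == cert["subject"] else None

# Constructed certificates: same public key, different subject names.
real_cert = {"subject": "pete@example.org", "pubkey": (E, N)}
swapped_cert = {"subject": "someone-else@rival.example", "pubkey": (E, N)}
body = b"Quarterly figures attached.\r\n"

def demo():
    sig = mic(body)
    msg, sig2 = sign_full_message(real_cert["subject"], body)
    return (verify_body_only(body, sig, swapped_cert),   # swap goes unnoticed
            verify_full_message(msg, sig2, real_cert),   # genuine cert accepted
            verify_full_message(msg, sig2, swapped_cert))  # swap rejected
```

With the body-only MIC the verifier reports the substituted subject; once the originator name is inside the signed bytes, the same substitution fails the name comparison even though the signature itself still checks out.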