pem-dev

Re: Extra header fields

1994-10-15 18:52:00
   Cc: pem-dev(_at_)tis(_dot_)com
   Date: Sat, 15 Oct 94 19:59:40 -0400
   From: Stephen D Crocker <crocker(_at_)tis(_dot_)com>

   Interesting problem.  I expect Jim and others will have some
   things to say.  Here's a couple of my own observations.

Turns out that the PGP community just ran into this problem. In their
case the issue was that messages (clearsigned) begin with -----BEGIN PGP...
followed by a blank line. However any text between the boundary and the
blank line was ignored (thrown away as part of the ASCII "armor") and not
included in the signature. This would permit a person to spoof someone
by inserting information in this slot in an otherwise valid message.

   First, your "beep real loud" has some appeal.  The signature checking
   process results in either the display of the message to the user or
   the storage of an annotated message.  In both cases, one can suggest
   that the implementation take note of extraneous headers and make it
   clear to the user that they are not part of the signed body of the
   message.

This is the solution that is being used for PGP now.

   I don't think there will be much room for people to be fooled.  If
   there are a few incidents, we'll see a rapid increase in awareness.  I'm not
   worried about spoofing of automatic programs that read mail; they
   should be written to know what's in versus what's out of the message.

Programs should run against the output of the de-enhancing program.

                                -Jeff
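As an added illustration of the two points in this message (the unsigned slot between the armor boundary and the blank line, and the advice that programs should consume only the de-enhanced output), the following Python is not from the pem-dev thread or from any PGP implementation. It splits a clearsigned message into the armor-header slot, the signed body and the signature block, and builds the "beep real loud" annotation for the reader. Treating only `Hash:` as an expected armor header, and the sample message with its placeholder signature, are constructed assumptions; the code parses and annotates only and does no signature verification.

```python
"""Split a PGP clearsigned message into the unsigned armor-header slot and the
signed body, so a reader can be told which lines the signature does not cover.
Added illustration, not code from the pem-dev thread or any PGP implementation;
it parses only and performs no signature verification."""

BEGIN_SIGNED = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"
END_SIG = "-----END PGP SIGNATURE-----"

# Assumption for this example: only a "Hash" header is expected in the slot;
# anything else found there is reported to the user as unsigned text.
EXPECTED_ARMOR_HEADERS = {"Hash"}


def split_clearsigned(text):
    """Return (armor_headers, unsigned_lines, body_lines, signature_lines).

    armor_headers   : lines between the BEGIN line and the first blank line
    unsigned_lines  : the subset of armor_headers that are not expected
                      "Key: value" headers and therefore deserve a warning
    body_lines      : the signed text, with clearsign dash-escaping removed
    signature_lines : the armored signature block, handed to the verifier
    """
    lines = text.splitlines()
    if BEGIN_SIGNED not in lines:
        raise ValueError("no clearsigned block found")
    i = lines.index(BEGIN_SIGNED) + 1

    # Everything up to the first blank line is the armor-header slot; none of
    # it is covered by the signature.
    armor_headers = []
    while i < len(lines) and lines[i] != "":
        armor_headers.append(lines[i])
        i += 1
    if i >= len(lines):
        raise ValueError("armor header block never terminated by a blank line")
    i += 1  # skip the blank separator

    # The signed body runs until the signature block starts.
    body_lines = []
    while i < len(lines) and lines[i] != BEGIN_SIG:
        line = lines[i]
        # Clearsign escapes body lines that start with "-" by prefixing "- ".
        if line.startswith("- "):
            line = line[2:]
        body_lines.append(line)
        i += 1
    if i >= len(lines):
        raise ValueError("signature block missing")

    # Keep the signature block intact for whatever does the real verification.
    signature_lines = []
    while i < len(lines):
        signature_lines.append(lines[i])
        if lines[i] == END_SIG:
            break
        i += 1
    else:
        raise ValueError("signature block never terminated")

    unsigned_lines = [
        h for h in armor_headers
        if ":" not in h or h.split(":", 1)[0].strip() not in EXPECTED_ARMOR_HEADERS
    ]
    return armor_headers, unsigned_lines, body_lines, signature_lines


def annotate(text):
    """What a mail reader should display: the signed body, preceded by a loud
    notice listing any lines that sat in the unsigned slot."""
    _, unsigned, body, _ = split_clearsigned(text)
    out = []
    if unsigned:
        out.append("*** WARNING: the following lines are NOT covered by the signature ***")
        out.extend("*** " + u for u in unsigned)
        out.append("*** end of unsigned lines ***")
    out.extend(body)
    return "\n".join(out)


# Constructed sample: a clearsigned message whose armor-header slot carries an
# extra line the signer never wrote.  The signature data is a placeholder.
SAMPLE = """\
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Please wire the funds to the new account today.

The meeting is moved to Tuesday.
- -- Alice
-----BEGIN PGP SIGNATURE-----
Version: placeholder

PLACEHOLDERSIGNATUREDATA==
=abcd
-----END PGP SIGNATURE-----
"""

if __name__ == "__main__":
    print(annotate(SAMPLE))
```

A program that processes signed mail automatically should be fed `body_lines` (the de-enhanced output) only, never the raw armored text, which is the point of the last line of the message above.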
