[Enigmail] Sender under duress
Robert J. Hansen
rjh at sixdemonbag.org
Sat Oct 4 18:41:02 PDT 2008
John Clizbe wrote:
> I think you're layering too much meaning onto a cryptographic
> signature.
Agreed.
> All you can be reliably certain of, if the signature verifies, was
> that it was made with a given key and that the message was not
> altered in transit.
Not quite. You can be assured the message was not altered between the
time it was signed and the time it was delivered. You can't be assured
the message wasn't altered, full stop.
E.g., imagine a corporate mailserver that puts a signature on outgoing
mail. Alice wishes to sign a contract electronically, so she sends an
email to the vendor committing to a certain price per widget. Alice's
co-worker wants to kill Alice's career, so Mallory alters Alice's
message to commit to a much higher price.
The message hits the mail server, which applies the signature and sends
it out over the wire. When Alice attempts to repudiate the signature
later, most people won't listen to her. After all, it was signed,
right? And that means the message is intact, right?
Don't laugh -- in corporate X.509 environments this sort of thing can
and does happen, especially in shops that do everything at the server so
they can guarantee they'll always have the keys to recover the data.
It tends not to occur with Enigmail, though, since Enigmail applies the
signature before the message leaves the PC at all.
... The upshot: in the general case, there's an important caveat. With
respect to Enigmail, John is exactly right.
More information about the Enigmail
mailing list