Re: Anybody know details about Schneier's "flaw"?
"Dominikus Scherkl" <Dominikus.Scherkl@glueckkanja.com> Mon, 19 August 2002 10:01 UTC
Received: from above.proper.com (mail.proper.com [208.184.76.45]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA26802 for <openpgp-archive@lists.ietf.org>; Mon, 19 Aug 2002 06:01:04 -0400 (EDT)
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g7J9niR13625 for ietf-openpgp-bks; Mon, 19 Aug 2002 02:49:44 -0700 (PDT)
Received: from mail.glueckkanja.com (mail.glueckkanja.com [62.8.243.3]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g7J9ngw13614 for <ietf-openpgp@imc.org>; Mon, 19 Aug 2002 02:49:43 -0700 (PDT)
X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0
Content-Class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Subject: Re: Anybody know details about Schneier's "flaw"?
Date: Mon, 19 Aug 2002 11:49:23 +0200
Message-ID: <2F89C141B5B67645BB56C0385375788231C5B0@guk1d002.glueckkanja.org>
Thread-Topic: Re: Anybody know details about Schneier's "flaw"?
thread-index: AcJF7a2ecgkqG9KoQWeAfHbfGnfZMgBdonGAAABUb2A=
From: Dominikus Scherkl <Dominikus.Scherkl@glueckkanja.com>
To: ietf-openpgp@imc.org
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id g7J9niw13621
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 8bit
> Y'know, there's an even simpler attack with the same premise. You > intercept an encrypted e-mail from Alice to Bob. You take the mail > body out of the message and send that body to Bob under your e-mail > address (or under some address you control that Bob might mistake for > Alice's, which would be even better). Bob decrypts the message and > replies to it, including the original message body by default. > > The mistake here, on Bob's part, is to reply to a message without > paying attention to the e-mail address being used The Flaw I see (on the whole attack) is: Why should anybody relpy cleartext to an encrypted messge? especialy if it contains (even parts) of the encrypted message? And if anybody does, why he's using encryption at all?!? If a reply is sent at all, it should be encrypted, so an interceptor has the same problem with the reply - he needs to break the key. And if it's the sender himself who want's to cheat him, he knows the message content very well, so what does he want to gain?!? The whole attack looks very suspicious to me... -- Dominikus Scherkl dominikus.scherkl@glueckkanja.com
- Anybody know details about Schneier's "flaw"? john.dlugosz
- Re: Anybody know details about Schneier's "flaw"? Derek Atkins
- Re: Anybody know details about Schneier's "flaw"? Rodney Thayer
- Re: Anybody know details about Schneier's "flaw"? Derek Atkins
- Re: Anybody know details about Schneier's "flaw"? Marc Mutz
- Re: Anybody know details about Schneier's "flaw"? john.dlugosz
- Re: Anybody know details about Schneier's "flaw"? Jon Callas
- Re: Anybody know details about Schneier's "flaw"? Lutz Donnerhacke
- Re: Anybody know details about Schneier's "flaw"? Rodney Thayer
- Re: Anybody know details about Schneier's "flaw"? Adam Back
- Re: Anybody know details about Schneier's "flaw"? Carl Ellison
- Re: Anybody know details about Schneier's "flaw"? Dominikus Scherkl
- Re: Anybody know details about Schneier's "flaw"? Peter Gutmann
- Re: Anybody know details about Schneier's "flaw"? Adrian 'Dagurashibanipal' von Bidder
- Re: Anybody know details about Schneier's "flaw"? Werner Koch
- Re: Anybody know details about Schneier's "flaw"? Adrian 'Dagurashibanipal' von Bidder
- Re: Anybody know details about Schneier's "flaw"? David Hopwood
- Re: Anybody know details about Schneier's "flaw"? Peter Gutmann