Re: Anybody know details about Schneier's "flaw"?

"Dominikus Scherkl" <Dominikus.Scherkl@glueckkanja.com> Mon, 19 August 2002 10:01 UTC

Received: from above.proper.com (mail.proper.com [208.184.76.45]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA26802 for <openpgp-archive@lists.ietf.org>; Mon, 19 Aug 2002 06:01:04 -0400 (EDT)
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g7J9niR13625 for ietf-openpgp-bks; Mon, 19 Aug 2002 02:49:44 -0700 (PDT)
Received: from mail.glueckkanja.com (mail.glueckkanja.com [62.8.243.3]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g7J9ngw13614 for <ietf-openpgp@imc.org>; Mon, 19 Aug 2002 02:49:43 -0700 (PDT)
X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0
Content-Class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Subject: Re: Anybody know details about Schneier's "flaw"?
Date: Mon, 19 Aug 2002 11:49:23 +0200
Message-ID: <2F89C141B5B67645BB56C0385375788231C5B0@guk1d002.glueckkanja.org>
Thread-Topic: Re: Anybody know details about Schneier's "flaw"?
thread-index: AcJF7a2ecgkqG9KoQWeAfHbfGnfZMgBdonGAAABUb2A=
From: "Dominikus Scherkl" <Dominikus.Scherkl@glueckkanja.com>
To: <ietf-openpgp@imc.org>
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id g7J9niw13621
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 8bit

> Y'know, there's an even simpler attack with the same premise.  You
> intercept an encrypted e-mail from Alice to Bob.  You take the mail
> body out of the message and send that body to Bob under your e-mail
> address (or under some address you control that Bob might mistake for
> Alice's, which would be even better).  Bob decrypts the message and
> replies to it, including the original message body by default.
> 
> The mistake here, on Bob's part, is to reply to a message without
> paying attention to the e-mail address being used
The Flaw I see (on the whole attack) is:
Why should anybody relpy cleartext to an encrypted messge?
especialy if it contains (even parts) of the encrypted message?
And if anybody does, why he's using encryption at all?!?

If a reply is sent at all, it should be encrypted, so an interceptor
has the same problem with the reply - he needs to break the key.

And if it's the sender himself who want's to cheat him, he knows
the message content very well, so what does he want to gain?!?

The whole attack looks very suspicious to me...

-- 
Dominikus Scherkl
dominikus.scherkl@glueckkanja.com