[15783] in cryptography@c2.net mail archive
Re: dual-use digital signature vulnerability
daemon@ATHENA.MIT.EDU (Amir Herzberg)
Sun Jul 18 11:27:27 2004
X-Original-To: cryptography@metzdowd.com
Date: Sun, 18 Jul 2004 09:33:46 +0200
From: Amir Herzberg <herzbea@macs.biu.ac.il>
To: Anne & Lynn Wheeler <lynn@garlic.com>, cryptography@metzdowd.com
In-Reply-To: <6.1.2.0.2.20040716081955.03dd5010@mail.comcast.net>
Anne & Lynn Wheeler wrote:
> ok, this is a long posting about what i might be able to reasonably assume
> if a digital signature verifies (posting to c.p.k newsgroup):
... skipped (it was long :-)
> the dual-use comes up when the person is 'signing' random challenges as
> purely a means of authentication w/o any requirement to read the
> contents. Given such an environment, an attack might be sending some
> valid text in lieu of random data for signature. Then the signer may
> have a repudiation defense that he hadn't signed the document (as in the
> legal sense of signing), but it must have been a dual-use attack on his
> signature (he had signed it believing it to be random data as part of an
> authentication protocol)
I don't see here any problem or attack. Indeed, there is a difference
between signature in the crypto sense and legally-binding signatures.
The latter are defined in one of two ways. One is by the `digital
signature` laws in different countries/states; that approach is often
problematic, since it is quite tricky to define in a general law a
binding between a person or organization and a digital signature. The
other way however is fine, imho: define the digital signature in a
(`regular`) contract between the parties. The contract defines what the
parties agree to be considered as equivalent to their (physical)
signature, with well defined interpretation and restrictions.
--
Best regards,
Amir Herzberg
Associate Professor, Computer Science Dept., Bar Ilan University
http://amirherzberg.com (information and lectures in cryptography &
security)
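
The dual-use scenario described in the quoted text, as an added example that is not part of the original message: one key answers authentication challenges without reading them, and the same signature then verifies as a document signature unless the signer prepends its own purpose label. The toy RSA key, the tag strings and all function names are assumptions made for this illustration, and purpose tagging is shown as one common technical separation, not something proposed in the thread.

```python
import hashlib

# Toy RSA key from two known Mersenne primes (constructed for this example;
# far too small and structured for real use).
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))

def _h(data: bytes) -> int:
    # Hash-then-sign: reduce SHA-256 of the message into the RSA group.
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def raw_sign(data: bytes) -> int:
    return pow(_h(data), D, N)

def raw_verify(data: bytes, sig: int) -> bool:
    return pow(sig, E, N) == _h(data)

# Hypothetical purpose labels, chosen by the signer, never by the peer.
AUTH_TAG = b"auth-challenge-v1\x00"
DOC_TAG = b"signed-document-v1\x00"

# Dual-use key: authentication signs the verifier's bytes unread.
def naive_auth_response(challenge: bytes) -> int:
    return raw_sign(challenge)

def naive_verify_document(doc: bytes, sig: int) -> bool:
    return raw_verify(doc, sig)

# Separated use: every signature is bound to the purpose it was made for.
def tagged_auth_response(challenge: bytes) -> int:
    return raw_sign(AUTH_TAG + challenge)

def tagged_sign_document(doc: bytes) -> int:
    return raw_sign(DOC_TAG + doc)

def tagged_verify_document(doc: bytes, sig: int) -> bool:
    return raw_verify(DOC_TAG + doc, sig)

def demo():
    # Constructed sample: readable text submitted where random data is expected.
    text = b"I agree to the terms of contract 0000 (constructed sample)"
    naive = naive_verify_document(text, naive_auth_response(text))
    tagged = tagged_verify_document(text, tagged_auth_response(text))
    intended = tagged_verify_document(text, tagged_sign_document(text))
    return naive, tagged, intended

if __name__ == "__main__":
    print(demo())
```

With tagging, an authentication response no longer verifies under the document context, while a deliberate document signature still does.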