[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Validity periods can be handled more explicitly
I didn't develop an appreciation for MASH until too late, and must have
missed that episode. What happened?
Although I believe (and have stated on the DIGSIG list) that the likelyhood
that someone's software (at least on his own machine) would be successfully
hacked so that it would display a document other than what was signed
without detection (a self-healing virus, in other words) to be negligible
compared to other threats, it is of course a theoretic possibility that
ought to be addressed. Word macro viruses, PostScript viruses, and of
course ActiveX/Java viruses all come to mind as severe opportunities for
someone to solve if there is an adequate market.
Bob
>>> Carl Ellison <cme@cybercash.com> 11/05 12:10 PM >>>
-----BEGIN PGP SIGNED MESSAGE-----
At 11:16 AM 11/1/97 -0800, Bill Frantz wrote:
>The (mostly) lawyers discussing digital signature issues on "Digital
>Signature discussion <DIGSIG@VM.TEMPLE.EDU>" have identified some other
>issues. For example, has the software been hacked so the document
>displayed for the user is not the same document that was signed. (This
>problem applies to smart card based signature systems as well as pure
>software.)
Ah, yes -- the Radar O'Reilly attack.
-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv
iQCVAwUBNGDEjxN3Wx8QwqUtAQGjUwP/Y56BzJhzI5rERBzH7cZ+97PfTUHqtWXV
wSZmbCq1MjFr0351vwugYK/6NwF256tzb1sdIxuqCbMH+qFzJEKHGhv8ltNndOjV
c3CSxZiJefgW3tTsxdHksEKpiIqTon7aaC3S7/6fuEqOOB68I8cQ9wOaeEux4yu9
/ufljXOHAc8=
=/OzK
-----END PGP SIGNATURE-----
+------------------------------------------------------------------+
|Carl M. Ellison cme@cybercash.com http://www.clark.net/pub/cme |
|CyberCash, Inc. http://www.cybercash.com/ |
|207 Grindall Street PGP 08FF BA05 599B 49D2 23C6 6FFD 36BA D342 |
|Baltimore MD 21230-4103 T:(410) 727-4288 F:(410)727-4293 |
+------------------------------------------------------------------+
Follow-Ups: