yep, my thoughts exactly... i see no reason why the comment shouldnt be included when generating the signature. agreed that anyone with any experience with PGP will spot this instantly, and confirm their suspicions by verifying the Message, but someone with little experience, or maybe even someone in a rush, who simply reads the message then confirms the valid the signature may miss this, which admittedly i have done sometimes for non-essential mails ;o) , could possibly be tricked by this. From some of the replies i have received it seems that GPG is not vulnerable to this trick. -- PGP Key ID : 0x897D43BA SDF Public Access UNIX System - http://sdf.lonestar.org ----- Original Message ----- From: "jms" <jms@uic.edu> To: "[Segmen]" <dontpanic999@yahoo.com> Sent: Monday, October 15, 2001 9:13 PM Subject: RE: PGP Signed Messages > Here's my perspective as someone who has never used PGP. > > I would examine the message and probably conclude > that the message is in some sort of PGP multi-part > message, sort of like a multi-part MIME message, > and that I was seeing the unparsed headers. > > If you had written "P.S. Please send the confidential ..." > instead of "Please ...", that would probably be enough > to convince me that I had "figured it out", because > I've seen similar email where the author adds additional > message text as a mime attachment to the original message. > > Of course, the PGP check would show the message to be authentic ... > > I would certainly agree that at the very least the contents of the > comment should be included in computing the signature. > > >===== Original Message From "[Segmen]" <dontpanic999@yahoo.com> ===== > >It occurred to me today what a bad idea the Comment Field is in PGP signed > >messages. Altering the Comment filed does not affect the validity of the > >signature, but to the non experienced PGP/GPG user it certainly appears to > >be part of the message. > > > >Example : > > > >A generic message I could have got hold of : > > > >-----BEGIN PGP SIGNED MESSAGE----- > >Hash: SHA1 > > > >Hello, meeting cancelled, speak to you soon. > > > >-----BEGIN PGP SIGNATURE----- > >Version: PGP 7.0.4 > > > >iQA/AwUBO8r9v9nrfc+JfUO6EQLrEACgv6+C07aWgAO+Dna0MHgEDaoDMxEAoJ2P > >7gojqeCRqKqTkbFMkHCToxtq > >=lki3 > >-----END PGP SIGNATURE----- > > > >I could change this to : > > > > > >-----BEGIN PGP SIGNED MESSAGE----- > >Hash: SHA1 > > > >Hello, meeting cancelled, speak to you soon. > > > >-----BEGIN PGP SIGNATURE----- > >-----BEGIN PGP SIGNED MESSAGE----- > >Hash: SHA1 > > > >Please Send the Confidential Files from the planned meeting to > >My colleague Instead at me@host.com . He will now be dealing with > >this matter. > >Speak to you soon, victim. > > > >-----BEGIN PGP SIGNATURE----- > >Version: PGP 7.0.3 > > > >iQA/AwUBO8r9v9nrfc+JfUO6EQLrEACgv6+C07aWgAO+Dna0MHgEDaoDMxEAoJ2P > >7gojqeCRqKqTkbFMkHCToxtq > >=lki3 > >-----END PGP SIGNATURE----- > > > >well, you get the idea. The signature is still valid. > > > >Agreed that only the beginner crypto user would fall for this, but if they > >were to read the message and then just use PGP to check the validity, they > >could be tricked into believing that the extra lines were part of the > >verified message. > >Does anybody else think this is quite a bad idea? > > > > > >-- > >PGP Key ID : 0x897D43BA > >SDF Public Access UNIX System - http://sdf.lonestar.org > >UKChat - http://www.ukchat.com > > > > > > > >_________________________________________________________ > >Do You Yahoo!? > >Get your free @yahoo.com address at http://mail.yahoo.com > _________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com
