In message <[EMAIL PROTECTED]>, [EMAIL PROTECTED] writes:
>Steve Bellovin <[EMAIL PROTECTED]> said:
>> I'm far from convinced, for example, that the LOVEBUG virus would
>> have been prevented were all mail digitally signed, because I
>> strongly suspect that the attack would have invoked a digital
>> signature API to generate digitally-signed copies of itself.
>
>I would hope that any software I use, that is able to put my digital signature
>on some data, would ask me for my pass-phrase every time my private key is
>used. I would even hope that such software wouldn't be able to use my private
>key without the pass-phrase, otherwise anybody with access to my computer could
>easily forge my signature.
>
>If this requirement is not met, the digital signature has no value.
Yup...
More precisely -- in the Holy Name of Convenience, many (most?) mailers
permit a passphrase to be cached for some amount of time. A virus
could exploit that. Or it could wait until you tried sending some
signed mail, and grab the key then. It could even wait, and then pop
up its own key window that masquerades as the real one, followed by a
box saying that you entered your passphrase incorrectly, and that you
should retry it, in the real prompt. There are operating system
techniques that can prevent that latter attack, such as the "trusted
path". But trusted path support is rare on UNIX systems, and though
Windows NT does use it for login passwords, I haven't yet seen a secure
NT mailer that uses it. (Btw -- though there are security risks here,
there are also security risks in using such technologies, since if it's
too inconvenient to send secure email, there will be more sent in the
clear. That's a risk, too; pick your poison.)
It's for reasons like these that it has been said that conventional
signatures are weakly bound to a document, but strongly bound to the
individual, while digital signatures are strongly bound to a document
but weakly bound to an individual. A digital signature provides proof
that a particular private key was used to produce it. Just who
employed that key is a separate question, and one that must be
carefully evaluated when deciding how much weight to attach to the
signature.
--Steve Bellovin
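The passphrase-caching problem discussed above, modelled as an added example (not code from the thread or from any mailer it mentions). A toy signing agent is run under three policies: a cached passphrase with no per-use check, no caching at all, and caching plus a confirmation on a trusted prompt for every signature. The key material, passphrase and messages are constructed for the demo, and HMAC-SHA256 stands in for a real private-key signature; the point is the policy logic, and the fact that `verify()` accepts the unattended signature just as readily as the user's own, which is the "strongly bound to a key, weakly bound to an individual" observation in code.

```python
"""Toy model of a mail signing agent with passphrase caching (added example)."""
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Optional

# Constructed demo secrets: stand-ins for a user's private key and passphrase.
PRIVATE_KEY = b"constructed-demo-private-key"
PASSPHRASE = "constructed-demo-passphrase"


class PassphraseRequired(Exception):
    """The key is locked: no valid passphrase was supplied or cached."""


class ConfirmationRequired(Exception):
    """Policy demands an explicit per-signature confirmation from the user."""


@dataclass
class SigningAgent:
    # Seconds a correct passphrase stays cached; 0 means every call must present it.
    cache_ttl: float = 0.0
    # Whether each signature additionally needs a confirmation on a trusted prompt.
    confirm_each_use: bool = False
    audit_log: list = field(default_factory=list)
    _unlocked_until: float = field(default=0.0, repr=False)

    def sign(self, data: bytes, requester: str, now: float,
             passphrase: Optional[str] = None, user_confirmed: bool = False) -> bytes:
        """Sign `data` on behalf of `requester` at time `now` (seconds)."""
        if passphrase is not None:
            if passphrase != PASSPHRASE:
                raise PassphraseRequired("wrong passphrase")
            self._unlocked_until = now + self.cache_ttl
        elif now >= self._unlocked_until:
            raise PassphraseRequired("key locked: no cached passphrase")
        if self.confirm_each_use and not user_confirmed:
            raise ConfirmationRequired("per-signature confirmation missing")
        # Record who asked for a signature and when; this is what a user or
        # administrator would later review to spot unattended key use.
        self.audit_log.append((now, requester, hashlib.sha256(data).hexdigest()[:12]))
        return hmac.new(PRIVATE_KEY, data, hashlib.sha256).digest()


def verify(data: bytes, signature: bytes) -> bool:
    """A verifier learns only that the key was used, not who invoked it."""
    expected = hmac.new(PRIVATE_KEY, data, hashlib.sha256).digest()
    return hmac.compare_digest(expected, signature)


def run_scenario(cache_ttl: float, confirm_each_use: bool) -> dict:
    """User signs one message; 30 s later an unattended process calls the same API."""
    agent = SigningAgent(cache_ttl=cache_ttl, confirm_each_use=confirm_each_use)
    t0 = 1_000.0
    user_msg = b"Constructed legitimate message from the user"
    user_sig = agent.sign(user_msg, "mailer:user", t0,
                          passphrase=PASSPHRASE, user_confirmed=True)
    other_msg = b"Constructed message submitted by a background process"
    try:
        other_sig = agent.sign(other_msg, "background-process", t0 + 30)
        unattended_ok = verify(other_msg, other_sig)
    except (PassphraseRequired, ConfirmationRequired):
        unattended_ok = False
    suspicious = [e for e in agent.audit_log if e[1] != "mailer:user"]
    return {
        "user_signature_valid": verify(user_msg, user_sig),
        "unattended_signature_valid": unattended_ok,
        "unattended_entries_in_audit_log": len(suspicious),
    }


if __name__ == "__main__":
    for ttl, confirm in [(600, False), (0, False), (600, True)]:
        print(f"cache_ttl={ttl:>3}s confirm_each_use={confirm!s:<5} ->",
              run_scenario(ttl, confirm))
```

Only the first policy lets the unattended caller obtain a valid signature, and nothing in the signature itself distinguishes it from the user's; the audit log entry naming a requester other than the mailer is the only trace. The third policy is the one the thread's "trusted path" remark points at: the confirmation has to come from a prompt the unattended process cannot forge or pre-empt, or the flag is worthless.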