There is a fundamental flaw in numerous popular encrypted e-mail programs that calls into question the authenticity of digitally signed and encrypted e-mail messages, according to a security researcher who has published a paper on the subject. But, as is usually the case in the security community, the revelation has sparked a debate over the merits of the disclosure.

The problem lies in the way that secure mail programs handle digital signatures and encryption. Because encrypted mail messages are necessarily stamped with a digital signature before they are encrypted, the recipient can only be sure who wrote the message and not who encrypted it, according to Don Davis, corporate security architect at Curl Corp., in Cambridge, Mass., and the author of the paper.
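
The limitation described above, as an added example that is not from the article or the paper: toy textbook RSA (illustration only, not secure) signs a message and then encrypts it, and the signature still verifies after the encryption layer has been replaced by someone else. The party names, the message and the `my_name` check (a common countermeasure in which the signed text names its intended recipient, which goes beyond what the article describes) are assumptions.

```python
import hashlib, secrets

E = 65537  # toy textbook RSA over Mersenne primes: illustration only, not secure

def keypair(p, q):
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def digest(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(priv, msg):
    n, d = priv
    return pow(digest(msg, n), d, n)

def verify(pub, msg, sig):
    n, e = pub
    return pow(sig, e, n) == digest(msg, n)

def xor(data, k):
    stream = hashlib.shake_256(str(k).encode()).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def encrypt(pub, data):
    n, e = pub
    k = secrets.randbelow(n - 2) + 2
    return pow(k, e, n), xor(data, k)  # public key only: ciphertext names no sender

def decrypt(priv, ct):
    n, d = priv
    return xor(ct[1], pow(ct[0], d, n))

def sign_then_encrypt(sender_priv, recipient_pub, msg):
    return encrypt(recipient_pub, sign(sender_priv, msg).to_bytes(64, "big") + msg)

def open_message(recipient_priv, sender_pub, ct, my_name=None):
    blob = decrypt(recipient_priv, ct)
    sig, msg = int.from_bytes(blob[:64], "big"), blob[64:]
    ok = verify(sender_pub, msg, sig)  # proves who wrote msg, not who encrypted it
    if my_name is not None:  # assumed countermeasure: signed text must name me
        ok = ok and msg.startswith(b"To: " + my_name + b"\n")
    return msg, ok

# Constructed parties and message.
alice_pub, alice_priv = keypair(2**61 - 1, 2**89 - 1)
bob_pub, bob_priv = keypair(2**107 - 1, 2**127 - 1)
carol_pub, carol_priv = keypair(2**521 - 1, 2**607 - 1)
MSG = b"To: Bob\nThe deal is off."
ct_bob = sign_then_encrypt(alice_priv, bob_pub, MSG)
ct_carol = encrypt(carol_pub, decrypt(bob_priv, ct_bob))  # encryption layer replaced
```

Without `my_name`, `open_message(carol_priv, alice_pub, ct_carol)` reports a valid signature from Alice even though Alice never encrypted anything to Carol; with `my_name=b"Carol"` the same ciphertext is rejected.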

The link for this article located at ZDNet eWeek is no longer available.