On Wed, Nov 29, 2000 at 06:20:45PM -0800, Dale Harris wrote:
> I thought there always was some sort of checksum being done on a file instead
> of just a signature. Is that not the case?
An OpenPGP signature involves a hash (i.e. a sort of checksum). But in the attack that Rene Puls described, GnuPG computes the hash of the second message and ignores the first one.
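
The situation described in this reply can be checked structurally. The following is an added example, not part of the original message and not GnuPG's code: it assumes the two messages are OpenPGP packet sequences concatenated in one file, and it flags literal data packets that sit outside any signature framing. The names `packets`, `uncovered_literals` and `pkt` and both sample byte strings are constructed for illustration; compressed packets are not unpacked.

```python
# Added example: structural check on OpenPGP packet framing (RFC 4880, section 4.2).
LITERAL, ONE_PASS_SIG, SIGNATURE = 11, 4, 2

def packets(data):
    """Yield (tag, body) for each top-level packet; definite lengths only."""
    i = 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80 or i + 1 >= len(data):
            raise ValueError("bad or truncated packet header at offset %d" % i)
        i += 1
        if hdr & 0x40:                                  # new-format header
            tag, o1 = hdr & 0x3F, data[i]
            if o1 < 192:
                length, i = o1, i + 1
            elif o1 < 224:
                length, i = ((o1 - 192) << 8) + data[i + 1] + 192, i + 2
            elif o1 == 255:
                length, i = int.from_bytes(data[i + 1:i + 5], "big"), i + 5
            else:
                raise ValueError("partial body lengths not handled here")
        else:                                           # old-format header
            tag, n = (hdr >> 2) & 0x0F, 1 << (hdr & 0x03)
            if n == 8:
                raise ValueError("indeterminate length not handled here")
            length, i = int.from_bytes(data[i:i + n], "big"), i + n
        if i + length > len(data):
            raise ValueError("truncated packet body")
        yield tag, data[i:i + length]
        i += length

def uncovered_literals(data):
    """Indexes of literal data packets that no signature framing encloses."""
    tags, flagged, i = [t for t, _ in packets(data)], [], 0
    while i < len(tags):
        if tags[i:i + 3] == [ONE_PASS_SIG, LITERAL, SIGNATURE]:
            i += 3                                      # one-pass signed message
        elif tags[i:i + 2] == [SIGNATURE, LITERAL]:
            i += 2                                      # signature-first form
        else:
            flagged += [i] if tags[i] == LITERAL else []
            i += 1
    return flagged

def pkt(tag, body):                                     # new-format, body < 192 bytes
    return bytes([0xC0 | tag, len(body)]) + body

# Constructed samples; packet bodies are placeholders, not real signatures.
SIGNED = pkt(ONE_PASS_SIG, bytes(13)) + pkt(LITERAL, b"b\0\0\0\0\0signed") + pkt(SIGNATURE, bytes(10))
PREPENDED = bytes([0x80 | (LITERAL << 2), 8]) + b"b\0\0\0\0\0hi" + SIGNED
```

A non-empty result means the file carries data that a hash over the signed message alone would never cover, so a "good signature" report says nothing about that data.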