PGP Bug Solution?
Nicholas Cole
nicholas.cole@university-college.oxford.ac.uk
Sat Mar 24 12:20:02 2001
I may be completely wrong, but if I understand the paper correctly,
the modified key will not produce a valid signature.
If that is the case, could not GPG attempt to validate a signature
when created, and ring alarm bells if the signature does not verify?
Of course, this would add time to the process, so perhaps there should
be an option to disable this check if the user feels the enviroment in
which keys are stored is secure.
Nicholas Cole
--
nicholas.cole@univ.ox.ac.uk || npcole@yahoo.co.uk
private key fingerprint:
2EFA D405 1B23 73F6 572E A1C7 BEDA 238C 560F 6E28
:wq