PGP Bug Solution?
nicholas.cole at university-college.oxford.ac.uk
Sat Mar 24 12:20:02 CET 2001
I may be completely wrong, but if I understand the paper correctly,
the modified key will not produce a valid signature.
If that is the case, could not GPG attempt to validate a signature
when created, and ring alarm bells if the signature does not verify?
Of course, this would add time to the process, so perhaps there should
be an option to disable this check if the user feels the enviroment in
which keys are stored is secure.
nicholas.cole at univ.ox.ac.uk || npcole at yahoo.co.uk
private key fingerprint:
2EFA D405 1B23 73F6 572E A1C7 BEDA 238C 560F 6E28
More information about the Gnupg-devel