GPG agent for W32

Florian Weimer fw at deneb.enyo.de
Mon May 14 21:41:02 CEST 2001


dirk.meyer at dinoex.sub.org (Dirk Meyer) writes:

> Allow me to object, this is not secure.

I think this is the strong vs. weak ES model issue mentioned already
in RFC 1122.  Yes, this is a problem.

> If an attacker can send a router to you, he can send packages with
> destination "127.0.0.1" to you and connect to your services.

There's no need for a router.  The attacker needs access to a sub-IP
transport layer (for example, Ethernet), in order to be able to inject
arbitrary IP packets.
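
Added example, not part of the original message or of GnuPG: a strong-ES style ingress check that drops any IPv4 packet carrying a 127.0.0.0/8 source or destination when it arrives on a non-loopback interface (RFC 1122 says such addresses must not appear outside a host). The interface names "lo" and "eth0" and the sample headers are constructed assumptions.

```python
import ipaddress
import struct

LOOPBACK_NET = ipaddress.ip_network("127.0.0.0/8")


def parse_ipv4_addrs(header: bytes):
    """Return (src, dst) from a raw IPv4 header, or raise ValueError."""
    if len(header) < 20:
        raise ValueError("truncated IPv4 header")
    version, ihl = header[0] >> 4, header[0] & 0x0F
    if version != 4 or ihl < 5:
        raise ValueError("not a valid IPv4 header")
    src, dst = struct.unpack("!4s4s", header[12:20])
    return ipaddress.ip_address(src), ipaddress.ip_address(dst)


def should_drop(header: bytes, in_iface: str, loopback_iface: str = "lo") -> bool:
    """Decide whether a received packet violates the loopback rule.

    A service bound to 127.0.0.1 is only protected if packets addressed to
    (or claiming to come from) 127/8 are refused on every other interface.
    """
    try:
        src, dst = parse_ipv4_addrs(header)
    except ValueError:
        return True  # fail closed on anything we cannot parse
    if in_iface == loopback_iface:
        return False  # loopback traffic on the loopback interface is fine
    return src in LOOPBACK_NET or dst in LOOPBACK_NET


def build_header(src: str, dst: str) -> bytes:
    """Constructed sample input: minimal 20-byte IPv4 header, checksum 0."""
    return struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20, 0, 0, 64, 6, 0,
        ipaddress.ip_address(src).packed,
        ipaddress.ip_address(dst).packed,
    )


if __name__ == "__main__":
    # Packet injected on the Ethernet segment with a loopback destination.
    injected = build_header("192.0.2.10", "127.0.0.1")
    print("drop injected packet on eth0:", should_drop(injected, "eth0"))
    print("drop same packet on lo:", should_drop(injected, "lo"))
```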



