GPG agent for W32

Florian Weimer fw at
Mon May 14 21:41:02 CEST 2001

dirk.meyer at (Dirk Meyer) writes:

> Allow me to object, this is not secure.

I think this is the strong vs. weak ES model issue mentioned already
in RFC 1122.  Yes, this is a problem.

> If an attacker can sent a router to you, he can send packges with
> destination "" to you and connect to your services.

There's no need for a router.  The attacker needs access to a sub-IP
transport layer (for example, Ethernet), in order to be able to inject
arbitrary IP packets.

More information about the Gnupg-devel mailing list