GPG agent for W32
fw at deneb.enyo.de
Mon May 14 21:41:02 CEST 2001
dirk.meyer at dinoex.sub.org (Dirk Meyer) writes:
> Allow me to object, this is not secure.
I think this is the strong vs. weak ES model issue mentioned already
in RFC 1122. Yes, this is a problem.
> If an attacker can sent a router to you, he can send packges with
> destination "127.0.0.1" to you and connect to your services.
There's no need for a router. The attacker needs access to a sub-IP
transport layer (for example, Ethernet), in order to be able to inject
arbitrary IP packets.
More information about the Gnupg-devel