Anderson's attack?
Ben Pearre
bwpearre@alumni.princeton.edu
Wed Feb 6 19:13:02 2002
--FFoLq8A0u+X9iRU8
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
I'm sorry if this is in the archives - I looked but didn't find it.
This seems like a legitimate concern:
http://world.std.com/~dtd/sign_encrypt/sign_encrypt7.html
Has this been addressed in GnuPG? The documentation doesn't mention
whether gpg --encrypt --sign does Encrypt/Sign or Sign/Encrypt or
what. What's really going on in there?
Should there be an option --both, which does sign/encrypt/sign or some
such? I believe that the first time I installed PGP, there was an
option in my MUA to encrypt the relevant headers, but I don't think
that this is a problem that should be foisted upon the MUA developers,
as no-one seems to know about this issue.
Thoughts?
Cheers!
-Ben
--=20
bwpearre@alumni.princeton.edu http://hebb.mit.edu/~ben
--FFoLq8A0u+X9iRU8
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE8YXGY+CWfKs/abNoRAkKrAKCwMJ4q5lMksE7vYtfR0Pg3LyUJzACg4iOu
4BqwborCXiG76d8LNV1YMVI=
=ZQG1
-----END PGP SIGNATURE-----
--FFoLq8A0u+X9iRU8--