Anderson's attack?

Ben Pearre bwpearre at
Wed Feb 6 19:13:02 CET 2002

I'm sorry if this is in the archives - I looked but didn't find it.

This seems like a legitimate concern:

Has this been addressed in GnuPG?  The documentation doesn't mention
whether gpg --encrypt --sign does Encrypt/Sign or Sign/Encrypt or
what.  What's really going on in there?

Should there be an option --both, which does sign/encrypt/sign or some
such?  I believe that the first time I installed PGP, there was an
option in my MUA to encrypt the relevant headers, but I don't think
that this is a problem that should be foisted upon the MUA developers,
as no-one seems to know about this issue.



bwpearre at      
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 240 bytes
Desc: not available
Url : /pipermail/attachments/20020206/9abc80ad/attachment.bin

More information about the Gnupg-devel mailing list