Anderson's attack?
Ben Pearre
bwpearre at mit.edu
Wed Feb 6 19:13:02 CET 2002
I'm sorry if this is in the archives - I looked but didn't find it.
This seems like a legitimate concern:
http://world.std.com/~dtd/sign_encrypt/sign_encrypt7.html
Has this been addressed in GnuPG? The documentation doesn't mention
whether gpg --encrypt --sign does Encrypt/Sign or Sign/Encrypt or
what. What's really going on in there?
Should there be an option --both, which does sign/encrypt/sign or some
such? I believe that the first time I installed PGP, there was an
option in my MUA to encrypt the relevant headers, but I don't think
that this is a problem that should be foisted upon the MUA developers,
as no-one seems to know about this issue.
Thoughts?
Cheers!
-Ben
--
bwpearre at alumni.princeton.edu http://hebb.mit.edu/~ben
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 240 bytes
Desc: not available
Url : /pipermail/attachments/20020206/9abc80ad/attachment.bin
More information about the Gnupg-devel
mailing list