Anderson's attack?

Ben Pearre bwpearre@alumni.princeton.edu
Fri Mar 1 23:48:01 2002


On Wed, Feb 06, 2002 at 03:50:22PM -0800, Len Sassaman wrote:
> This was addressed pretty thoroughly on the Cryptography list when Davis's
> paper first came out. Basically, the "flaws" the paper is discussing are
> social, not technical. The steps that can be taken on a technical level
> to prevent this are few. (FWIW, OpenPGP's timestamping helps this a bit.)

Ok, y'all have convinced me that this is a mailer problem, not an
engine problem.  But it's very widespread.  Couldn't it at least be
better documented?

I couldn't find any info in the documentation as to whether it
encrypt-signed or sign-encrypted, and what the implications were.
Just make it clear that when something arrives encrypted, gpg doesn't
know who encrypted it.  This would probably want to go in the man
page, where people who read about --encrypt and --sign will see it.

Cheers,
-Ben

-- 
bwpearre@alumni.princeton.edu                http://hebb.mit.edu/~ben
