Janusz A. Urbanowicz
alex at syjon.fantastyka.net
Fri Jan 3 15:41:01 CET 2003
On Fri, Jan 03, 2003 at 09:10:29AM -0500, David Shaw wrote:
> > A MUA should even check that the From/Reply-to address matches one of
> > the user ID in the signature. Without this it would be easy to trick
> > someone to reply (probably including quoted decrypted text) to a man
> > in the middle.
> I agree with you, but - there is no good way for the MUA to get this
> information right now. The text is currently:
> gpg: Good signature from "primary uid"
> gpg: aka "another uid"
> gpg: aka "yet another uid"
> gpg: aka "still another uid"
> There is no --with-colons or --status-fd version of the display, so
> the MUA needs to do a huge amount of string manipulation to extract
> the user IDs out of the text output by GnuPG.
And the text changes if locale is set.
More information about the Gnupg-devel