FW: Serious bug in PGP - versions 5 and 6
sen_ml@eccosys.com
sen_ml@eccosys.com
Thu, 24 Aug 2000 17:09:05 +0900
From: "Simpson, Sam" <s.simpson@mia.co.uk>
Subject: [PGP-USERS] FW: Serious bug in PGP - versions 5 and 6
Date: Thu, 24 Aug 2000 08:43:13 +0100
Message-ID: <04DD95EB6E9FD31199D400A0C9A6CFFFDD6867@EXCHANGE>
> Sounds serious to me....Any comments from NAI staff?
i'm not nai staff, but it sounds like the keyserver modifications,
etc. that Len Sassaman has been talking about [1] would be helpful for
preventing some of this kind of thing. [ of course, this wouldn't be
that helpful for keys that have already been modified and retrieved. ]
shouldn't it also be possible for a user to specify precisely which
keys to encrypt to or be warned when encrypting to keys other than the
"obvious ones" (e.g. in the context of encrypting a message, a user
could be warned that the software is about to encrypt to a key of some
entity not in the set of recipients of the message)?
[1] the key server preferences flag being set so that only
the owner can update the key -- and the keyservers honoring this
feature:
Message-ID: <Pine.LNX.4.21.QNWS_2.0006221919320.1598-100000@thetis.deor.org>
--
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of "unsubscribe" to gnupg-users-request@gnupg.org