FW: Serious bug in PGP - versions 5 and 6

sen_ml@eccosys.com sen_ml@eccosys.com
Thu, 24 Aug 2000 17:09:05 +0900

From: "Simpson, Sam" <s.simpson@mia.co.uk>
Subject: [PGP-USERS] FW: Serious bug in PGP - versions 5 and 6 
Date: Thu, 24 Aug 2000 08:43:13 +0100
Message-ID: <04DD95EB6E9FD31199D400A0C9A6CFFFDD6867@EXCHANGE>

> Sounds serious to me....Any comments from NAI staff?
i'm not nai staff, but it sounds like the keyserver modifications, etc. that Len Sassaman has been talking about [1] would be helpful for preventing some of this kind of thing. [ of course, this wouldn't be that helpful for keys that have already been modified and retrieved. ] shouldn't it also be possible for a user to specify precisely which keys to encrypt to or be warned when encrypting to keys other than the "obvious ones" (e.g. in the context of encrypting a message, a user could be warned that the software is about to encrypt to a key of some entity not in the set of recipients of the message)? [1] the key server preferences flag being set so that only the owner can update the key -- and the keyservers honoring this feature: Message-ID: <Pine.LNX.4.21.QNWS_2.0006221919320.1598-100000@thetis.deor.org> -- Archive is at http://lists.gnupg.org - Unsubscribe by sending mail with a subject of "unsubscribe" to gnupg-users-request@gnupg.org