Does GNUPG have the PGP ADK weakness?

Werner Koch wk@gnupg.org
Mon, 28 Aug 2000 10:22:09 +0200


NO!

And I am a little bit tired of repeating that over and over ;)

GnuPG does not know about ARR and therefore it is simply not able to
encrypt to a key from an ARR.  I changed that on Friday, so that you
can now look at the ARR keys with --list-packets - but they are *not
used* in any other way than listing.  ARRs are not defined by OpenPGP.

BTW, the CERT advisory and the followup to Ross Anderson's original
announcement to ukcrypto got it right.

Some statements by Ralf Senderek may have led to some confusion and
I have the impression that he published his paper without contacting
NAI beforehand to give them a chance to fix the bug.

  Werner
  

-- 
Werner Koch				GnuPG key:  621CC013
OpenIT GmbH                             http://www.OpenIT.de
