Improved verification of messages

Werner Koch
Wed, 13 Sep 2000 11:15:36 +0200

On Wed, 13 Sep 2000, - wrote:

> someone does happen to get a copy of the public key
> from the server, then they *may* be able to forge an
> encrypted order (with perhaps lower prices for some of
> the articles).
So you need to sign the mail using a secret key oin the server. Another way would be to just put some secret string into the encrypted mail or recheck each receiver mail with a log kept on the server. Anyway, an attacker who gets access to the webserver will be able to do whatever he wants. Werner -- Werner Koch GnuPG key: 621CC013 OpenIT GmbH -- Archive is at - Unsubscribe by sending mail with a subject of "unsubscribe" to