Improved verification of messages
Wed, 13 Sep 2000 11:15:36 +0200
On Wed, 13 Sep 2000, - wrote:
> someone does happen to get a copy of the public key
> from the server, then they *may* be able to forge an
> encrypted order (with perhaps lower prices for some of
> the articles).
So you need to sign the mail using a secret key oin the server.
Another way would be to just put some secret string into the
encrypted mail or recheck each receiver mail with a log kept on the
Anyway, an attacker who gets access to the webserver will be able to
do whatever he wants.
Werner Koch GnuPG key: 621CC013
OpenIT GmbH http://www.OpenIT.de
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of "unsubscribe" to firstname.lastname@example.org