GPG PGP S/Mime vulnerability
Anthony E. Greene
agreene@pobox.com
Thu Aug 9 02:25:01 2001
On Wed, 8 Aug 2001, Julia A. Case wrote:
>Quoting Guy Van Sanden (sienix@crosswinds.net):
>> Again, you are right about that, but the currently proposed
>> legistation would put responsability with the customer.
>> The point is, that if the signatures would incorporate the
>> message-headers, they would provide better security...
>>
>
>Headers change on the server too often, I even change headers where
>delivering email on the server (as part of anti-spam handling we add
>certian headers to indicate the likelyhood of it being spam so that an
>email client can sort on those headers)... This doesn't seem like it
>would work well to me.
I think he means the From, To, Date, and Subject headers, all of which are
known to the mail client at the time of composition. If mail clients
inserted this data into the message before calling PGP, that would be an
automated solution to the problem, assuming these headers had enough
specific information to be of any help.
Tony
--
Anthony E. Greene <agreene@pobox.com> <http://www.pobox.com/~agreene/>
PGP Key: 0x6C94239D/7B3D BD7D 7D91 1B44 BA26 C484 A42A 60DD 6C94 239D
Chat: AOL/Yahoo: TonyG05
Linux. The choice of a GNU Generation. <http://www.linux.org/>