GPG PGP S/Mime vulnerability
Anthony E. Greene
agreene@pobox.com
Sat Aug 11 16:06:02 2001
On Sat, 11 Aug 2001, Johan Wevers wrote:
>Anthony E. Greene wrote:
>
>> The From header would not have to match the signing key. That header, and
>> the others, would be added to the text of the message itself to reduce the
>> ambiguity of the message.
>
>But even if I sign a message I don't want the mail program to think of
>himself what information there should be signed. Perhaps I don't want this
>info to be signed. Besides, changing the Form address and the system time
>is easy.
But you can't easily change the system time of the other mail servers
whose receipt time is shown in the headers. The recipient also has their
own system time.
I am not advocating that this be done. I was only explaining what the
original poster meant. My own opinion is that this is not really a
problem.
Tony
--
Anthony E. Greene <agreene@pobox.com> <http://www.pobox.com/~agreene/>
PGP Key: 0x6C94239D/7B3D BD7D 7D91 1B44 BA26 C484 A42A 60DD 6C94 239D
Chat: AOL/Yahoo: TonyG05
Linux. The choice of a GNU Generation. <http://www.linux.org/>