security issue with signing files

Florian Weimer
Sat Nov 24 18:20:01 2001

"Kent Tong" <> writes:

> Suppose a user is about to sign a file that he has just viewed, but
> someone else modifies the files over the network, then he will sign
> over the arbitrary contents written by anyone who has write access?


> How to solve this problem?

Always sign a local copy.