security patches

Werner Koch wk@gnupg.org
Sat Oct 6 23:11:01 2001


On Sat, 06 Oct 2001 22:39:22 +0200, Florian Weimer said:


> With the current development version, you can even strip the local
> flag without invalidating the signature.

Ah yes, it is in the non hashed area. OpenPGP is vague about this.

Thinking again about this issue and some possible threat models, it might make sense to put it into the hashed area. After all, the use of the unhashed area is somewhat questionable; it would have been better to put such information into an extra packet and avoid this at all in OpenPGP. BTW, the same is true for S/MIME.

  Werner

-- 
Werner Koch        Omnis enim res, quae dando non deficit, dum habetur
g10 Code GmbH      et non datur, nondum habetur, quomodo habenda est.
Privacy Solutions        -- Augustinus
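
The property discussed in this thread, as an added example that is not part of the original messages or GnuPG's code: a parser for a version 4 OpenPGP signature packet body that separates the bytes covered by the signature hash from the unhashed subpacket area and lists the subpackets left unprotected. It assumes the "local flag" is the exportable certification subpacket (type 4, value 0); the function names and the sample packet bytes are constructed for illustration.

```python
EXPORTABLE_CERT = 4  # assumed to be the "local flag": value 0 marks a local signature

def parse_subpackets(area):
    """Yield (type, critical, data) for each subpacket in a subpacket area."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:                      # one-octet length
            length, i = first, i + 1
        elif first < 255:                    # two-octet length
            length, i = ((first - 192) << 8) + int.from_bytes(area[i + 1:i + 2], "big") + 192, i + 2
        else:                                # five-octet length
            length, i = int.from_bytes(area[i + 1:i + 5], "big"), i + 5
        if length == 0 or i + length > len(area):
            raise ValueError("truncated or empty subpacket")
        # The length counts the type octet; bit 7 of that octet is the critical flag.
        yield area[i] & 0x7F, bool(area[i] & 0x80), area[i + 1:i + length]
        i += length

def split_v4_signature(body):
    """Return (signed_prefix, hashed_area, unhashed_area) of a v4 signature body."""
    if len(body) < 6 or body[0] != 4:
        raise ValueError("not a v4 signature packet body")
    hashed_end = 6 + int.from_bytes(body[4:6], "big")
    ulen = int.from_bytes(body[hashed_end:hashed_end + 2], "big")
    unhashed = body[hashed_end + 2:hashed_end + 2 + ulen]
    if len(body) < hashed_end + 2 or len(unhashed) != ulen:
        raise ValueError("truncated signature packet body")
    # Only the prefix (version through hashed area) enters the signature hash.
    return body[:hashed_end], body[6:hashed_end], unhashed

def unprotected_subpackets(body):
    """Subpacket types in the unhashed area, which the signature does not cover."""
    return [t for t, _, _ in parse_subpackets(split_v4_signature(body)[2])]

def build(hashed, unhashed):
    # Constructed sample body: sig type 0x10, RSA, SHA-1, dummy hash prefix and MPI.
    return (bytes([4, 0x10, 1, 2]) + len(hashed).to_bytes(2, "big") + hashed
            + len(unhashed).to_bytes(2, "big") + unhashed + b"\xab\xcd\x00\x01\x01")

CREATED = bytes([5, 2]) + (1002400000).to_bytes(4, "big")  # creation time (constructed)
LOCAL = bytes([2, EXPORTABLE_CERT, 0])                      # exportable = 0
ISSUER = bytes([9, 16]) + bytes(8)                          # issuer key ID (all zero)
WITH_FLAG = build(CREATED, LOCAL + ISSUER)                  # flag in unhashed area
STRIPPED = build(CREATED, ISSUER)                           # same signature, flag removed

if __name__ == "__main__":
    print("unhashed subpacket types:", unprotected_subpackets(WITH_FLAG))
    print("signed bytes unchanged after strip:",
          split_v4_signature(WITH_FLAG)[0] == split_v4_signature(STRIPPED)[0])
```

A verifier that wants the flag to be tamper-evident can treat any type 4 subpacket reported by `unprotected_subpackets` as untrusted and honour it only when it appears in the hashed area.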