FW: Inquiry
Anthony E. Greene
agreene@pobox.com
Wed Oct 17 00:34:01 2001
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Tue, 16 Oct 2001, Matthias Bruestle wrote:
>On Tue, Oct 16, 2001 at 09:07:22PM +0100, Owen Blacker wrote:
>> And some people can't even download executables from a website. I could
>> arrange to send myself an SDA, were I going to the clients' offices, but
>> I might not be able to download GnuPG there (and certainly wouldn't be
>> allowed to install it without spending far too much time persuading
>> idiot IT staff that it's OK).
>
>So you want to send encrypted and highly confidential data together
>with some totally unauthenticated executable code by mail, so that
>Mallory could modify the unauthenticated code to send back the content
>or password, when the recipient executes it?
How useful SDAs are depends on your threat model. Not all snoops have the
resources to accomplish this type of MITM attack in the required time.
Tony
- --
Anthony E. Greene <agreene@pobox.com> <http://www.pobox.com/~agreene/>
PGP Key: 0x6C94239D/7B3D BD7D 7D91 1B44 BA26 C484 A42A 60DD 6C94 239D
Chat: AOL/Yahoo: TonyG05
Linux. The choice of a GNU Generation. <http://www.linux.org/>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Anthony E. Greene <agreene@pobox.com> 0x6C94329D
iD8DBQE7zLVkpCpg3WyUI50RAtf0AJoDb0DenlxUoxcfgaCOJlZ8kOY5sgCdFTv0
JtHwBMG7pjLyQ0UdR2T2t8U=
=2Ay3
-----END PGP SIGNATURE-----