GPG support in Mahogany

Werner Koch
Wed Dec 11 10:29:01 2002

On Tue, 10 Dec 2002 17:39:03 +0100, Xavier Nodet said:

> I was not clear enough. I was only speaking about a warning (which could
> be disabled) when the user *receives* a message. I had not thought about
> a warning when sending a signed message.

You should issue a warning when doing a reply on a encrypted+signed
message when the reply-address (taken from Reply-To or From) does not
mathc one of the user IDs in the signature of the original message.
Without that it is easy to mount a replay attack: Intercept a message,
add a Reply-To header and send it to the original recipient.  A
recipient replying to this message is likely to send a quoted message
back to the forged address if this address is also one he trusts -
think of a lawyer who communicates with both parties and as such has
trusted keys for both.