GPG support in Mahogany

Shawn K. Quinn skquinn@speakeasy.net
Thu Dec 12 18:14:01 2002


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tuesday December 10 2002 09:25, Xavier Nodet wrote:
> Something more specific to mails. When a message is signed, we should
> verify that the 'From:' header actually matches one of the IDs of the
> signing key. This prevents an attacker from forging headers to make
> the recipient believe he got the message from a third person.

This breaks when someone is using anonymous remailers or other methods=20
which conceal the real e-mail address to defeat traffic analysis.

- --=20
Shawn K. Quinn
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE9+MLDQVXDBVmaIp0RAoBWAKCbR61eGA2IaGoAw7X09DG4kLS9awCgoI1O
K/Y/w7YJKqd/OzgcVHXVrLY=3D
=3Dqebs
-----END PGP SIGNATURE-----