Mon Sep 29 00:23:01 CEST 2003
On Sun, 28 Sep 2003 22:26:45 +0200, Ingo Klöcker said:
>> sends an encrypted mail from another emailaddress than the one in the
>> key ?
> Nothing special. It's irrelevant which email address appears in the
> From: header.
However the MUA should warn when the From/Reply-To address does not
match the address of the signer in a signed+encrypted message. The
problem here is that one usually replies to a mail, quoting large
amounts and sending that back encrypted to the reply address. If by
means of an MITM attack the From header was changed to an address
which happens to be also trusted, the attacker will easily get a lot
Werner Koch <firstname.lastname@example.org>
The GnuPG Experts http://g10code.com
Free Software Foundation Europe http://fsfeurope.org
More information about the Gnupg-users