Werner Koch
Mon Sep 29 00:23:01 CEST 2003

On Sun, 28 Sep 2003 22:26:45 +0200, Ingo Klöcker said:

>> sends an encrypted mail from another email address than the one in the
>> key ?

> Nothing special. It's irrelevant which email address appears in the 
> From: header.

However, the MUA should warn when the From/Reply-To address does not
match the address of the signer in a signed+encrypted message.  The
problem here is that one usually replies to a mail, quoting large
amounts and sending that back encrypted to the reply address.  If by
means of an MITM attack the From header was changed to an address
which happens to be also trusted, the attacker will easily get a lot
of plaintext.
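A concrete form of the warning check described above, added here as an illustration and not code from the original post or from any MUA: it compares every From and Reply-To address of a message against the user IDs of the key that verified the signature, and reports the ones a reply would leak plaintext to. All addresses are constructed, and `SIGNER_UIDS` stands in for what the signature-verification step would return.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample: a signed+encrypted mail whose Reply-To does not
# belong to the signer, so a quoted reply would go to a third party.
SAMPLE_MAIL = """From: Alice <alice@example.org>
Reply-To: Mallory <mallory@example.net>
To: Bob <bob@example.org>
Subject: Re: hello

(encrypted body)
"""

# User IDs of the key that verified the signature (hypothetical values;
# in a real MUA these come from the verification result).
SIGNER_UIDS = ["Alice <alice@example.org>", "alice@work.example.org"]


def normalize(addr: str) -> str:
    """Compare addresses case-insensitively and without surrounding blanks."""
    return addr.strip().lower()


def signer_addresses(uids) -> set:
    """Extract the bare mail addresses from the signing key's user IDs."""
    return {normalize(a) for _, a in getaddresses(uids) if a}


def check_reply_target(raw_mail: str, uids) -> list:
    """Return the From/Reply-To addresses that are NOT among the signer's UIDs.

    An empty list means every address a reply would go to belongs to the
    signer; a non-empty list is what the MUA should warn about before the
    user quotes decrypted text back to it.
    """
    msg = message_from_string(raw_mail)
    allowed = signer_addresses(uids)
    mismatches = []
    for header in ("From", "Reply-To"):
        for _, addr in getaddresses(msg.get_all(header, [])):
            if addr and normalize(addr) not in allowed:
                mismatches.append(f"{header}: {addr}")
    return mismatches


if __name__ == "__main__":
    for warning in check_reply_target(SAMPLE_MAIL, SIGNER_UIDS):
        print("WARNING: reply address does not match signer:", warning)
```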

