pgp/mime vs in-line pgp

Atom 'Smasher' atom-gpg at suspicious.org
Tue Apr 13 22:53:02 CEST 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> > it would be nice to sign/encrypt attachments all at once, but i can always
> > sign/encrypt them individually, before attaching them.
>
> An attacker can delete one of those attached and signed documents and
> insert an old (previously catched) version of that document which
> carries an old price tag for the now entirely changed specification
> document in the other attachment ...  Oh yes, you can add another
> attchment with checksums over all the attached documents.
===================

usually, if there's a need to sign (not encrypt) an attachment, i can
(while limited by pine) include a hash of the attachment(s) in the body of
the email and sign that. you point out a need to do that also for
encrypted attachments.


> Why on earth going into such troubles if a well working and good
> protocol exists for nearly a decade: rfc-1847 (MOSS) on which S/MIME
> as well as PGP/MIME are based upon.  BTW, the changes in rfc-3156
> compared to rfc-2015 are minimal and actually a clarification of some
> points in 2015.  Rfc-2015 is nearly 8 years old - that's the
> Windows-95 area!  So please don't say, there was not enough time to
> implement such a simple thing.
===================

now to convince the pine team at UW to implement such a simple thing!



        ...atom

 _________________________________________
 PGP key - http://atom.smasher.org/pgp.txt
 3EBE 2810 30AE 601D 54B2 4A90 9C28 0BBF 3D7D 41E3
 -------------------------------------------------

	"We must learn to live together as brothers
	 or perish together as fools."
		-- Martin Luther King, Jr.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)
Comment: What is this gibberish?  -  http://atom.smasher.org/links/#digital_signatures

iEYEARECAAYFAkB8UzIACgkQnCgLvz19QeNYpgCghd8R2nusiAeSrA5sb0Tqt7PO
t5sAmQHl57Krp1O3ybG60bdqqilmsoUQ
=1+YW
-----END PGP SIGNATURE-----



More information about the Gnupg-users mailing list