pgp/mime vs in-line pgp

Atom 'Smasher' atom-gpg at
Tue Apr 13 22:53:02 CEST 2004

Hash: SHA1

> > it would be nice to sign/encrypt attachments all at once, but i can always
> > sign/encrypt them individually, before attaching them.
> An attacker can delete one of those attached and signed documents and
> insert an old (previously catched) version of that document which
> carries an old price tag for the now entirely changed specification
> document in the other attachment ...  Oh yes, you can add another
> attchment with checksums over all the attached documents.

usually, if there's a need to sign (not encrypt) an attachment, i can
(while limited by pine) include a hash of the attachment(s) in the body of
the email and sign that. you point out a need to do that also for
encrypted attachments.

> Why on earth going into such troubles if a well working and good
> protocol exists for nearly a decade: rfc-1847 (MOSS) on which S/MIME
> as well as PGP/MIME are based upon.  BTW, the changes in rfc-3156
> compared to rfc-2015 are minimal and actually a clarification of some
> points in 2015.  Rfc-2015 is nearly 8 years old - that's the
> Windows-95 area!  So please don't say, there was not enough time to
> implement such a simple thing.

now to convince the pine team at UW to implement such a simple thing!


 PGP key -
 3EBE 2810 30AE 601D 54B2 4A90 9C28 0BBF 3D7D 41E3

	"We must learn to live together as brothers
	 or perish together as fools."
		-- Martin Luther King, Jr.
Version: GnuPG v1.2.4 (FreeBSD)
Comment: What is this gibberish?  -


More information about the Gnupg-users mailing list