Mutt/GnuPG-Outlook-plugin diffs / Support for Microsoft's .epf, .pfx, .p12 ?

Luis R. Rodriguez mcgrof at
Thu Feb 12 17:23:46 CET 2004

On Thu, Feb 12, 2004 at 04:48:37PM -0500, gabriel rosenkoetter wrote:
> As near as I can tell from Outlook's interface, anybody
> can create a certificate saying they're anybody (they might actually
> have to go to the trouble of setting those "anybody" settings within
> their copy of Outlook, of course), and then other people using
> Outlook will believe their certificate. That doesn't sound very
> secure to me, but maybe I'm missing something about the
> implementation.

I believe you have confused the identify tags (.vfc) allowed by Outlook
and the certs we're discussing. Outlook allows you to try to "create"
your own certificate and guess what happens when you try? 

No, sorry, it doesn't just ask you for an e-mail, and your name.. It
brings you to a page where you can *purchase* a certificate. Among the
companies listed is VeriSign. 

The .vfc (vCard File) files just seem to be another bad idea by MS to 
bloat e-mail traffic with uncessary/unwanted attachments just to allow
recipients to view a sender's detailed contact info (mind you,
sometimes there are just empty).


More information about the Gnupg-users mailing list