no, it's not an email client problem, it's what I said at the start
Todd Zullinger
tmz at pobox.com
Wed Apr 4 00:49:07 CEST 2007
randux at Safe-mail.net wrote:
> It's either a GnuPG problem or an RFC problem.
It could also be a PEBKAC. :)
> It's possible to add or remove or modify text in a clearsigned
> message. If that's what the RFC allows, then the RFC is broken. If
> the RFC doesn't allow it then GnuPG is broken.
It is neither. You can change a comment field which is not used for
any cryptographic purpose.
This is not a GnuPG problem, therefore by your logic it must be a
problem with the RFC. In that case, please direct further mail to the
openpgp working group.
> This kind of sloppy exposure is out of place in the product/RFC.
> Making excuses or trying to explain around it or blame it on email
> clients is silly and not fooling anyone.
Perhaps the comment field should simply be renamed to "this is only a
comment, it's not part of the signed message so you shouldn't infer
that it is secured:". Or, if you don't like the comment field, don't
set it in your gpg config.
--
Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
======================================================================
It seems such a pity that Noah and his party did not miss the boat.
-- Mark Twain
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 542 bytes
Desc: not available
Url : /pipermail/attachments/20070403/73a45345/attachment.pgp
More information about the Gnupg-users
mailing list