no, it's not an email client problem, ...

Sven Radde sven at radde.name
Wed Apr 4 08:44:32 CEST 2007


Hi!

Robert J. Hansen wrote:
> It is not feasible to undetectably remove, add, or modify text in a
> clearsigned message.
>
> Your example adds, modifies, etc., text in the _signature_.
>
> The _message_ remains protected.

It should have become clear by the course of the discussion that not
everybody is aware of this (arguably) subtle distinction.
I assume that it would be even less the case for GnuPG users that do not
follow this list (i.e. non-geeks, a.k.a. end-users, no offense intended :-).
I thought myself to be quite an adept user of GnuPG but did not realize
that Comment lines could be freely altered. Congrats to everyone who was
actively aware of the fact before this discussion was brought up here,
but, IMHO, said group would have been limited to the developers or other
deeply involved people.

On the other hand, the implications of this are not so serious as to
make a huge fuss about it.
I would suggest including a suitable paragraph in the man-pages and
other end-user targeted documentation on gnupg.org. While an end-user
cannot be expected to read an RFC, the man-page is surely not beyond
his/her reach.

cu, Sven
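
The distinction discussed in this message, as an added example that is not part of the original post: a small Python parser that separates the dash-escaped cleartext of a clearsigned message from the armor header lines of its signature block (Version, Comment), which the signature does not cover. The sample message, its placeholder signature data and the function name are constructed for illustration, and no cryptographic verification is performed.

```python
BEGIN_MSG = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"
END_SIG = "-----END PGP SIGNATURE-----"

# Constructed sample: the signature data is a placeholder, not a real signature.
SAMPLE = """-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Meet at noon.
- -- Sven
-----BEGIN PGP SIGNATURE-----
Version: GnuPG (constructed sample)
Comment: original comment

CONSTRUCTEDPLACEHOLDERDATA
=abcd
-----END PGP SIGNATURE-----
"""

def split_clearsigned(text):
    """Return the signed cleartext and the signature block's armor headers."""
    lines = text.splitlines()
    try:
        start = lines.index(BEGIN_MSG)
        sig = lines.index(BEGIN_SIG, start)
        end = lines.index(END_SIG, sig)
    except ValueError:
        raise ValueError("not a complete clearsigned message")
    # Skip the "Hash:" header lines, which end at the first blank line.
    body = start + 1
    while body < sig and lines[body].strip():
        body += 1
    # Undo dash-escaping ("- " prefix) to recover the text that was signed.
    signed = [l[2:] if l.startswith("- ") else l for l in lines[body + 1:sig]]
    # Armor headers of the signature block run until the first blank line.
    # They are outside the signed data, so treat them as unauthenticated.
    headers, i = [], sig + 1
    while i < end and lines[i].strip():
        if ": " in lines[i]:
            headers.append(lines[i])
        i += 1
    return {"signed_text": "\n".join(signed), "unsigned_headers": headers}

if __name__ == "__main__":
    result = split_clearsigned(SAMPLE)
    print("Covered by the signature:\n" + result["signed_text"])
    print("Not covered by the signature:")
    for h in result["unsigned_headers"]:
        print("  " + h)
```

A mail client or wrapper script can use this kind of split to display only the signed text as verified and to mark or hide the armor header lines.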


