Anyone know what became of the Gaim-E Project?
David Picón Álvarez
david at miradoiro.com
Mon Nov 3 22:08:03 CET 2008
From: "Robert J. Hansen" <rjh at sixdemonbag.org>
> To turn the "I love you" example into an attack, consider this: Alice
> sends Bob a message saying "Remember, you need to deliver the product at
> midnight." Bob, who doesn't want responsibility for delivering the
> product, cuts-and-pastes Alice's message and sends it on to Charlie,
> forging it as being from Alice. Charlie receives a message that seems to
> be from Alice, has a meaningful message, and has a valid signature from a
> trusted key. Charlie delivers the product at midnight. The next day
> Alice sees the product was delivered, and sends Bob a message saying
> "thank you for delivering the product, the check is in the mail."
Fair enough, but I think all these examples rely on faulty or insufficient
metadata. For instance if the from, to, cc, bcc and subject headers were
included in the sealing, things like this would not happen. (Not sure
exactly what headers pgp-mime does include much less s/mime).
--David.
More information about the Gnupg-users
mailing list