Anyone know what became of the Gaim-E Project?

David Picón Álvarez david at
Mon Nov 3 22:08:03 CET 2008

From: "Robert J. Hansen" <rjh at>
> To turn the "I love you" example into an attack, consider this: Alice 
> sends Bob a message saying "Remember, you need to deliver the product  at 
> midnight."  Bob, who doesn't want responsibility for delivering the 
> product, cuts-and-pastes Alice's message and sends it on to Charlie, 
> forging it as being from Alice.  Charlie receives a message that seems  to 
> be from Alice, has a meaningful message, and has a valid signature  from a 
> trusted key.  Charlie delivers the product at midnight.  The  next day 
> Alice sees the product was delivered, and sends Bob a message  saying 
> "thank you for delivering the product, the check is in the mail."

Fair enough, but I think all these examples rely on faulty or insufficient 
metadata. For instance if the from, to, cc, bcc and subject headers were 
included in the sealing, things like this would not happen. (Not sure 
exactly what headers pgp-mime does include much less s/mime).


More information about the Gnupg-users mailing list