Anyone know what became of the Gaim-E Project?
Ingo Klöcker
kloecker at kde.org
Tue Nov 4 11:25:54 CET 2008
On Monday 03 November 2008, Robert J. Hansen wrote:
> > Fair enough, but I think all these examples rely on faulty or
> > insufficient metadata. For instance if the from, to, cc, bcc and
> > subject headers were included in the sealing, things like this
> > would not happen. (Not sure exactly what headers pgp-mime does
> > include much less s/mime).
>
> How is Alice supposed to know what metadata is necessary? Alice
> isn't omniscient. Even if Alice puts in metadata A, B and C, Bob
> will just use an attack that relies on the non-presence of metadata
> D.
It's not Alice, but Charlie who needs to know what metadata he needs to
trust that the message was meant for him. If this metadata is not
present he should ignore the message or ask Alice for confirmation.
Alice might have made the attack possible, but it's Charlie who has
fallen for the attack. He's to blame, not Alice.
Regards,
Ingo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20081104/f83a0520/attachment.pgp>
More information about the Gnupg-users
mailing list