Reading new key packages (Re: Coexistence with OpenPGP/IETF)

Werner Koch wk at gnupg.org
Sun Jan 7 15:29:30 CET 2024


On Sat,  6 Jan 2024 17:29, Stephan Verbücheln said:
> What about malicious filenames?

What about other malicious content in spreadsheet and other documents?
That is even worse.  But at least you are able to know the origin due to
the signature.

Nobody with a sane mind uses the metadata to directly save to a file
with that name without taking necessary precautions.  However, having it
covered by the signatures puts the metadata at the same security level
as the actual data.


Salam-Shalom,

   Werner


p.s.  Please don't extend this discussion.  The whole thing has been
discussed more than 25 years ago and we all agreed that this is a bug
which should eventually be fixed.  With the v5 signature this was
possible and has been done - 5 years ago.

-- 
The pioneers of a warless world are the youth that
refuse military service.             - A. Einstein
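
The precautions mentioned in the message above, sketched as an added example (not part of the original post and not GnuPG code): it parses the body of a Literal Data packet (format octet, filename length, filename, four-octet date, data) and reduces the sender-chosen filename to a single safe component inside a chosen directory. The function names, the fallback name and the reserved-name policy are assumptions of this example.

```python
import os
import re
import struct

# Windows device names are rejected on every platform (policy assumed by this example).
_RESERVED = {"CON", "PRN", "AUX", "NUL"} | {f"{p}{i}" for p in ("COM", "LPT") for i in range(1, 10)}

def parse_literal_body(body: bytes):
    """Split the body of an OpenPGP Literal Data packet (tag 11) into its fields."""
    if len(body) < 6:
        raise ValueError("literal data body too short")
    fmt, name_len = body[0:1], body[1]
    if len(body) < 2 + name_len + 4:
        raise ValueError("truncated filename or date field")
    name = body[2:2 + name_len]
    (mtime,) = struct.unpack(">I", body[2 + name_len:6 + name_len])
    return fmt, name, mtime, body[6 + name_len:]

def safe_output_name(raw: bytes, fallback: str = "literal.out") -> str:
    """Reduce the sender-chosen filename to a harmless single path component."""
    if raw == b"_CONSOLE":  # "for your eyes only" marker: never write to disk
        raise ValueError("sender marked data as not to be saved")
    text = raw.decode("utf-8", errors="replace")
    text = re.split(r"[\\/]", text)[-1]  # drop directory parts, both separator styles
    text = re.sub(r"[\x00-\x1f\x7f:*?\"<>|]", "_", text)  # control and shell-hostile chars
    text = text.lstrip(".").strip(" .")[:100]  # no dotfiles, no trailing dot or space
    if not text or text.split(".")[0].upper() in _RESERVED:
        return fallback
    return text

def output_path(dest_dir: str, raw: bytes) -> str:
    """Join the sanitized name to dest_dir and verify the result stays inside it."""
    base = os.path.realpath(dest_dir)
    path = os.path.realpath(os.path.join(base, safe_output_name(raw)))
    if os.path.commonpath([base, path]) != base:  # e.g. a symlink already at that name
        raise ValueError("refusing path outside destination directory")
    return path

# Constructed sample body: binary format, hostile name, timestamp 0, payload "hi".
SAMPLE = b"b" + bytes([16]) + b"../../etc/passwd" + struct.pack(">I", 0) + b"hi"

if __name__ == "__main__":
    fmt, name, mtime, data = parse_literal_body(SAMPLE)
    print(name, "->", output_path(".", name))
```
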