NAI PGP open to ADK attack

Thomas Roessler roessler at does-not-exist.org
Mon Aug 28 19:14:28 CEST 2000


On 2000-08-28 08:46:54 -0700, Rich Wales wrote:

> Upon further thought, I would change this proposal so that warnings
> would not be produced simply because a message is encrypted to its
> sender as well as to its recipient.

The notion of the "sender" may not be well-defined from gnupg's
point of view.  More precisely, it only makes sense with signed and
encrypted messages.

Anyway, your proposition would produce warnings when encountering
messages which are commonly created by mail user agents such as
mutt, or by the Windows and Macintosh versions of PGP when the
sender sends messages to various recipients.

So, while the idea might be nice, it won't work in practice.

-- 
Thomas Roessler                         <roessler at does-not-exist.org>



More information about the Gnupg-devel mailing list