GPG PGP S/Mime vulnerability

[Guy Van Sanden]

I've read through Don Davis' whitepaper about the disadvanteges of the=20=

current sign (and encrypt) features in all common standards to do so.

His basic reasoning (and I've tried it, it works!) is:
I send a signed message to someone stating "you're fired".  He gets=20
angry and decides to get even with another collegue...
Using SMPT he puts my address in the from header, then pastes the=20
entire source of my signed message to him in the body (including the=20=

signatures), and sends it of to someone else...

That last person opens a message, which he thinks comes from me, and=20=

trusts the contents because the signature is verified!

More info is over here:
http://world.std.com/~dtd/sign_encrypt/sign_encrypt7.ps

Kind regards

Guy