GPG PGP S/Mime vulnerability

Anthony E. Greene agreene@pobox.com
Thu Aug 9 02:25:01 2001


On Wed, 8 Aug 2001, Julia A. Case wrote:

>Quoting Guy Van Sanden (sienix@crosswinds.net):
>> Again, you are right about that, but the currently proposed
>> legislation would put responsibility with the customer.
>> The point is, that if the signatures would incorporate the
>> message-headers, they would provide better security...
>>
>
>Headers change on the server too often, I even change headers where
>delivering email on the server (as part of anti-spam handling we add
>certain headers to indicate the likelihood of it being spam so that an
>email client can sort on those headers)... This doesn't seem like it
>would work well to me.

I think he means the From, To, Date, and Subject headers, all of which are known to the mail client at the time of composition. If mail clients inserted this data into the message before calling PGP, that would be an automated solution to the problem, assuming these headers had enough specific information to be of any help.

Tony
--
Anthony E. Greene <agreene@pobox.com> <http://www.pobox.com/~agreene/>
PGP Key: 0x6C94239D/7B3D BD7D 7D91 1B44 BA26 C484 A42A 60DD 6C94 239D
Chat: AOL/Yahoo: TonyG05
Linux. The choice of a GNU Generation. <http://www.linux.org/>
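
The idea in the message above, sketched as an added example (not code from this thread or from PGP/GnuPG): the composer copies From, To, Date and Subject into the text that gets signed, and the receiver compares the outer headers with that signed copy. The delimiter line, function names and sample message are hypothetical, and the PGP signing and verification step itself is assumed to happen separately.

```python
from email.message import EmailMessage

PROTECTED = ("From", "To", "Date", "Subject")
MARK = "-----SIGNED HEADERS-----"  # hypothetical delimiter, not a PGP or MIME standard

def embed_headers(msg):
    """Composer side: build the text that is handed to PGP for signing."""
    lines = [f"{h}: {msg.get(h, '')}" for h in PROTECTED]
    return "\n".join([MARK, *lines, MARK, "", msg.get_content()])

def header_mismatches(outer, signed_text):
    """Receiver side: signed_text is the body AFTER its PGP signature verified.
    Returns the protected headers whose outer value differs from the signed copy."""
    lines = signed_text.splitlines()
    if not lines or lines[0] != MARK or MARK not in lines[1:]:
        return list(PROTECTED)  # no signed copy present: no header is vouched for
    end = lines.index(MARK, 1)  # first closing marker; later ones are body text
    signed = dict(l.split(": ", 1) for l in lines[1:end] if ": " in l)
    norm = lambda v: " ".join((v or "").split())  # ignore folding whitespace
    return [h for h in PROTECTED if norm(outer.get(h)) != norm(signed.get(h))]

def sample():
    """Constructed sample message, for illustration only."""
    m = EmailMessage()
    m["From"] = "alice@example.org"
    m["To"] = "bob@example.org"
    m["Date"] = "Thu, 09 Aug 2001 02:25:01 +0000"
    m["Subject"] = "Offer accepted"
    m.set_content("I agree to the terms.\n")
    return m

if __name__ == "__main__":
    original = sample()
    signed_text = embed_headers(original)
    # A server adding its own header (e.g. spam scoring) does not affect the check.
    original["X-Spam-Score"] = "0.1"
    print(header_mismatches(original, signed_text))
    # Same signed text delivered under different outer headers is flagged.
    replayed = sample()
    replayed.replace_header("To", "carol@example.org")
    print(header_mismatches(replayed, signed_text))
```

Only the four composition-time headers are compared, so headers added or rewritten in transit do not cause false mismatches.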