GPG PGP S/Mime vulnerability

Anthony E. Greene agreene@pobox.com
Sat Aug 11 16:06:02 2001


On Sat, 11 Aug 2001, Johan Wevers wrote:

>Anthony E. Greene wrote:
>
>> The From header would not have to match the signing key. That header, and
>> the others, would be added to the text of the message itself to reduce the
>> ambiguity of the message.
>
>But even if I sign a message I don't want the mail program to think of
>himself what information there should be signed. Perhaps I don't want this
>info to be signed. Besides, changing the Form address and the system time
>is easy.
But you can't easily change the system time of the other mail servers whose receipt time is shown in the headers. The recipient also has their own system time. I am not advocating that this be done. I was only explaining what the original poster meant. My own opinion is that this is not really a problem. Tony -- Anthony E. Greene <agreene@pobox.com> <http://www.pobox.com/~agreene/> PGP Key: 0x6C94239D/7B3D BD7D 7D91 1B44 BA26 C484 A42A 60DD 6C94 239D Chat: AOL/Yahoo: TonyG05 Linux. The choice of a GNU Generation. <http://www.linux.org/>