Create Subkey Binding
David Shaw
dshaw@jabberwocky.com
Fri Jan 24 18:47:02 2003
On Fri, Jan 24, 2003 at 11:32:24AM -0600, Richard Laager wrote:
> > In any event, both GnuPG and PGP will properly refuse to use the
> > corrupted key. I think you need to get the s-mail people to fix
> > the bug.
>
> I've sent them some information on the issue. I don't know what'll
> happen, but I did what I could. Unless S-Mail follows my suggestions,
> there service is basically a webmail account that happens to use
> OpenPGP internally. However, their client is the only thing that sees
> the OpenPGP encryption, and so the user can't verify what its doing
> anyways. Since the encryption (and signing) are for S-Mail to S-Mail
> users only, very little protection is offered over a standard mail
> setup.
Indeed. You might tell the S-Mail people that such keys also violate
RFC-2440.
David
--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson