pgp/mime vs in-line pgp
Atom 'Smasher'
atom-gpg at suspicious.org
Tue Apr 13 22:53:02 CEST 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> > it would be nice to sign/encrypt attachments all at once, but i can always
> > sign/encrypt them individually, before attaching them.
>
> An attacker can delete one of those attached and signed documents and
> insert an old (previously catched) version of that document which
> carries an old price tag for the now entirely changed specification
> document in the other attachment ... Oh yes, you can add another
> attchment with checksums over all the attached documents.
===================
usually, if there's a need to sign (not encrypt) an attachment, i can
(while limited by pine) include a hash of the attachment(s) in the body of
the email and sign that. you point out a need to do that also for
encrypted attachments.
> Why on earth going into such troubles if a well working and good
> protocol exists for nearly a decade: rfc-1847 (MOSS) on which S/MIME
> as well as PGP/MIME are based upon. BTW, the changes in rfc-3156
> compared to rfc-2015 are minimal and actually a clarification of some
> points in 2015. Rfc-2015 is nearly 8 years old - that's the
> Windows-95 area! So please don't say, there was not enough time to
> implement such a simple thing.
===================
now to convince the pine team at UW to implement such a simple thing!
...atom
_________________________________________
PGP key - http://atom.smasher.org/pgp.txt
3EBE 2810 30AE 601D 54B2 4A90 9C28 0BBF 3D7D 41E3
-------------------------------------------------
"We must learn to live together as brothers
or perish together as fools."
-- Martin Luther King, Jr.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)
Comment: What is this gibberish? - http://atom.smasher.org/links/#digital_signatures
iEYEARECAAYFAkB8UzIACgkQnCgLvz19QeNYpgCghd8R2nusiAeSrA5sb0Tqt7PO
t5sAmQHl57Krp1O3ybG60bdqqilmsoUQ
=1+YW
-----END PGP SIGNATURE-----
More information about the Gnupg-users
mailing list