comment and version fields.

Robert J. Hansen rjh at sixdemonbag.org
Mon Apr 2 16:46:12 CEST 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> p.s. of course I've altered his clearsigned post in this example.
> But it would still verify properly. This is my point.

This is a nonissue.  I can't think of a stronger way to put it.  The  
mutability of the comment and version string is well known and  
clearly documented in the RFC.

If you wish to use a tool, you are responsible for knowing the  
operation of that tool.  If you wish to be ignorant, you will remain  
forever exploitable.  There is no technological cure for this.  All  
technological attempts to cure this are doomed to fail.

For every human-factors problem there exist technological solutions  
which are cheap, easy and wrong.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)

-----END PGP SIGNATURE-----
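An added illustration, not part of the original post: under RFC 4880 the armor headers (`Version`, `Comment`) belong to the ASCII armor and are not covered by the signature, so editing them leaves the encoded packet and its CRC-24 unchanged. The packet bytes below are constructed placeholders rather than a real signature, and the helper names are hypothetical.

```python
import base64

def crc24(data: bytes) -> int:
    """CRC-24 checksum of ASCII armor (RFC 4880, section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def armor(payload: bytes, headers: dict) -> str:
    """Wrap payload bytes in a PGP SIGNATURE armor block."""
    b64 = base64.b64encode(payload).decode()
    crc = base64.b64encode(crc24(payload).to_bytes(3, "big")).decode()
    lines = ["-----BEGIN PGP SIGNATURE-----"]
    lines += [f"{key}: {value}" for key, value in headers.items()]
    lines += [""] + [b64[i:i + 64] for i in range(0, len(b64), 64)]
    lines += ["=" + crc, "-----END PGP SIGNATURE-----"]
    return "\n".join(lines)

def parse_armor(text: str):
    """Return (unauthenticated headers, packet bytes, checksum_ok)."""
    lines = [line.rstrip() for line in text.strip().splitlines()]
    if not (lines[0].startswith("-----BEGIN ") and lines[-1].startswith("-----END ")):
        raise ValueError("not an armor block")
    body = lines[1:-1]
    blank = body.index("")  # armor headers end at the first empty line
    headers = dict(line.split(": ", 1) for line in body[:blank])
    data = body[blank + 1:]
    crc_line = data.pop() if data and data[-1].startswith("=") else None
    payload = base64.b64decode("".join(data), validate=True)
    expected = crc24(payload).to_bytes(3, "big")
    ok = crc_line is not None and base64.b64decode(crc_line[1:]) == expected
    return headers, payload, ok

# Constructed bytes standing in for a signature packet; not a real signature.
SAMPLE_PACKET = bytes(range(40, 120))
ORIGINAL = armor(SAMPLE_PACKET, {"Version": "GnuPG v1.4.7 (Darwin)"})
# Edit only the header text, as someone relaying the message could.
ALTERED = ORIGINAL.replace("Version: GnuPG v1.4.7 (Darwin)",
                           "Version: Example 0.0\nComment: edited in transit")

def headers_changed_packet_unchanged(a: str, b: str) -> bool:
    """True when two armor blocks differ in headers but carry the same packet."""
    (ha, pa, oka), (hb, pb, okb) = parse_armor(a), parse_armor(b)
    return ha != hb and pa == pb and oka and okb
```

A display layer that marks verified content should treat the returned headers as unauthenticated text and show them, if at all, outside the verified region.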


