At 10:04 PM -0700 5/13/99, Udhay Shankar N said:
1. All encrypted or clearsigned messages go out as _attachments_, and
not as message bodies. This leads to a profusion of files with the
extension .MSG in the \WINDOWS\TEMP directory. The plugin apparently
does not delete these files after sending.
You probably have the preference for "use PGP/MIME by default" turned on.
Turn it off. MIME security encodings are a crock, as you well know.
2. If you choose to encrypt a message, the resulting encrypted
attachment _includes the .sig_. In the earlier version of the plugin,
which came with PGP 5.5.3i, thsi was not the case.
Both of the above appear to decrease security, especially the second,
which would result in known plaintext in each encrypted message you
send. Or am I missing something here ?
With all due respect, (1) is neutral to security. (2) is debatable. I know
that many people have complained that the plugin did *not* include the
.sig. I've found it annoying myself, because my old sig included contact
information and I wanted that signed. I think that (2) is fixing a bug,
myself.
Jon
