On Wed, Apr 26, 2006 at 10:41:12PM -0400, Steven M. Bellovin wrote:
>
> Ah -- corporate key escrow. An overt back door for Little Brother, rather
> than a covert one for Big Brother....

You should check the list of recipient keys in PGP messages from time to time anyway. I recently found a bug in an MTU plugin: once you had a PGP pubkey with an empty ID in your keyring, the plugin always added this key to the recipient keys, although the owner was not listed as a recipient of the e-mail. As far as we debugged, the key had to be in 'trusted' state, but it worked.

Once you managed to have your pubkey added to someone else's keyring with an additional empty user ID (which most users never realize), you could read any encrypted mail sent by that person.

regards
Hadmut
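An added example, not part of the original post: one way to do the recipient-key check described above is to compare the key IDs in `gpg --list-packets` output for a sent message against the keyring listing from `gpg --with-colons --list-keys`. The sample data, key IDs, addresses and function names are constructed for illustration, and the parser assumes user IDs appear in `uid` records (field 10).

```python
import re

# Constructed sample of `gpg --with-colons --list-keys` output (not real keys).
KEYRING = """\
pub:u:2048:1:AAAAAAAAAAAAAAA1:1146000000:::u:::scESC:
uid:u::::1146000000::H1::Alice Example <alice@example.org>:
sub:u:2048:1:AAAAAAAAAAAAAAA2:1146000000::::::e:
pub:f:2048:1:BBBBBBBBBBBBBBB1:1146000000:::f:::scESC:
uid:f::::1146000000::H2::Mallory Example <mallory@example.net>:
uid:f::::1146000000::H3:::
sub:f:2048:1:BBBBBBBBBBBBBBB2:1146000000::::::e:
"""
# Constructed sample of `gpg --list-packets` output for one outgoing message.
PACKETS = """\
:pubkey enc packet: version 3, algo 1, keyid AAAAAAAAAAAAAAA2
:pubkey enc packet: version 3, algo 1, keyid BBBBBBBBBBBBBBB2
:encrypted data packet:
"""

def load_keyring(colons):
    """Map every key ID (primary or subkey) to its primary key's user IDs."""
    owners, uids = {}, None
    for line in colons.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            uids = owners[f[4]] = []
        elif f[0] == "sub" and uids is not None:
            owners[f[4]] = uids          # subkeys share the primary's user IDs
        elif f[0] == "uid" and uids is not None:
            uids.append(f[9] if len(f) > 9 else "")
    return owners

def recipient_keyids(packets):
    """Key IDs the message's session key was actually encrypted to."""
    return re.findall(r"^:pubkey enc packet:.*\bkeyid ([0-9A-Fa-f]{16})", packets, re.M)

def audit(packets, colons, intended):
    """Return {keyid: reason} for recipient keys the sender did not intend."""
    owners, findings = load_keyring(colons), {}
    for kid in recipient_keyids(packets):
        uids = owners.get(kid.upper())
        if uids is None:
            findings[kid] = "key not in keyring"
        elif not any(f"<{a.lower()}>" in u.lower() for u in uids for a in intended):
            reason = "no user ID matches an intended recipient"
            if any(u.strip() == "" for u in uids):
                reason += "; key carries an empty user ID"
            findings[kid] = reason
    return findings
```

Calling `audit(PACKETS, KEYRING, {"alice@example.org"})` flags the second key, whose owner was not addressed and whose key carries an empty user ID.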
