> p.s. of course I've altered his clearsigned post in this example.
> But it would still
> verify properly. This is my point.

This is a nonissue. I can't think of a stronger way to put it. The mutability of the comment and version string is well known and clearly documented in the RFC.

If you wish to use a tool, you are responsible for knowing the operation of that tool. If you wish to be ignorant, you will remain forever exploitable. There is no technological cure for this. All technological attempts to cure this are doomed to fail. For every human-factors problem there exist technological solutions which are cheap, easy and wrong.
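
As an added example (not part of the original post), this Python splits a clearsigned message into the text the signature is computed over and the signature block's armor headers, following the cleartext rules in RFC 4880. The sample message, its placeholder signature data, and the function names are constructed for illustration; nothing here verifies a signature.

```python
# Constructed sample; the signature body is a placeholder, not a real signature.
SAMPLE = "\n".join([
    "-----BEGIN PGP SIGNED MESSAGE-----",
    "Hash: SHA256",
    "",
    "Meet at noon.",
    "- -- ",                      # dash-escaped line with a trailing space
    "Alice",
    "-----BEGIN PGP SIGNATURE-----",
    "Version: ExamplePGP 1.0",    # constructed armor header values
    "Comment: original comment",
    "",
    "PLACEHOLDER-SIGNATURE-DATA",
    "-----END PGP SIGNATURE-----",
    "",
])


def split_clearsigned(msg):
    """Return (signed_text, signature_armor_headers) for one clearsigned message."""
    lines = msg.splitlines()
    start = lines.index("-----BEGIN PGP SIGNED MESSAGE-----")
    body_start = lines.index("", start) + 1   # blank line ends the "Hash:" headers
    sig = lines.index("-----BEGIN PGP SIGNATURE-----", body_start)
    sig_blank = lines.index("", sig)          # blank line ends the armor headers
    signed = []
    for line in lines[body_start:sig]:
        if line.startswith("- "):             # undo dash-escaping
            line = line[2:]
        signed.append(line.rstrip(" \t"))     # trailing whitespace is not hashed
    headers = dict(h.split(": ", 1) for h in lines[sig + 1:sig_blank])
    # Canonical form uses CRLF; the final line ending is not part of the signed text.
    return "\r\n".join(signed), headers


def covered_by_signature(original, received):
    """True if both messages carry the same signed text, whatever their armor says."""
    return split_clearsigned(original)[0] == split_clearsigned(received)[0]


if __name__ == "__main__":
    edited = SAMPLE.replace("original comment", "rewritten in transit")
    print(split_clearsigned(edited)[1])
    print("signed text unchanged:", covered_by_signature(SAMPLE, edited))
```

Anything a reader needs to trust belongs in the signed text; the `Version:` and `Comment:` lines are display hints only.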
