-------- Original Message --------
From: "Robert J. Hansen" <[EMAIL PROTECTED]>
Cc: GnuPG users <[email protected]>
Subject: Re: comment and version fields.
Date: Mon, 2 Apr 2007 09:46:12 -0500

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> > p.s. of course I've altered his clearsigned post in this example.
> > But it would still
> > verify properly. This is my point.
>
> This is a nonissue. I can't think of a stronger way to put it. The
> mutability of the comment and version string is well known and
> clearly documented in the RFC.
>
> If you wish to use a tool, you are responsible for knowing the
> operation of that tool. If you wish to be ignorant, you will remain
> forever exploitable. There is no technological cure for this. All
> technological attempts to cure this are doomed to fail.
>
> For every human-factors problem there exist technological solutions
> which are cheap, easy and wrong.
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.7 (Darwin)
>
> iQEcBAEBCAAGBQJGERc1AAoJELcA9IL+r4EJEgEIAONnqma05JYq7phSi85pCaPO
> 0z0DHlAzAbgyYWB410aLEJvWhV1kW7g8FpMUxayTEk4Le8fS4i2tj10v3YrEta3N
> viQ7yoYRDKUTTRD0TnpfUr+pjGvBEpgE4eEm+uzF7Gw961u71SgwCJtKwzvCy3f/
> BeLLVsv8mWaC6m+iNCm1ICUEUOv32mN1TgTCNa0l+XCupP8z1qFkJb7919kGEU7r
> 3g/bxJ+u/ZNjIZcykCN5E7mTF9bYE3C8PjyNIpkBs7U5yLpsjtsGkSB04sOB2p4R
> Rw+zfYAQtxerva721zHOU0XlXd82Ny5WhYY1tJ7EB4+gbhgTFCUGljSDnu/fUcg=
> =StmC
> -----END PGP SIGNATURE-----

No, you're misunderstanding me. I'm not concerned with the technical user who posts a question to a news list and understands the issue. I'm wondering about the non-technical (business) user who gets a plug-in for his email client and then misinterprets a modified signature block that someone tampered with.
