Ehud Karni wrote:
PGP only signs the body of the message. So does S/MIME. Neither signs the date, recipients, or even the subject. With enough human engineering, you can be tricked into sending an email message that can be viewed out of context. Now, GPG is a little better, because the signature itself, at least on some of the algorithms, has a timestamp. Still, I can always try and use this signed email from you in a context you did not expect, add a fake subject line, and claim that you owe me 10,000,000$.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Mon, 09 Aug 2004 16:29:04 +0300, Shachar Shemesh <[EMAIL PROTECTED]> wrote:
Do you realize the dangers of signing each and every silly email you send?
NO. Please enlighten me.
Ehud.
I heartily suggest only signing messages you intend to be clearly from you. Anything that does not NEED to be signed had better not be signed. If you do sign a message, make sure that it has all the context for the reason you are signing it.
Shachar
-- Shachar Shemesh Lingnu Open Source Consulting ltd. http://www.lingnu.com/
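The body-only coverage described in this message, shown as an added example that is not part of the original thread: a recipient-side check that accepts a signed body only when the context written inside it matches the unsigned headers. HMAC-SHA256 with a constructed key stands in for the PGP or S/MIME signature, and the `Signed-To` / `Signed-Subject` body lines are a hypothetical convention, not a feature of either standard.

```python
import hashlib
import hmac
from email import message_from_string

# Stand-in for a PGP/S-MIME signature: HMAC-SHA256 with a constructed key.
# Like those schemes as described above, it covers the body only.
KEY = b"constructed-demo-key"

def sign_body(body: str) -> str:
    return hmac.new(KEY, body.encode(), hashlib.sha256).hexdigest()

def body_signature_ok(raw: str, sig: str) -> bool:
    """Body-only verification: the headers are never looked at."""
    body = message_from_string(raw).get_payload()
    return hmac.compare_digest(sign_body(body), sig)

def signed_context(body: str) -> dict:
    """Collect the hypothetical context lines the sender wrote into the body."""
    ctx = {}
    for line in body.splitlines():
        name, sep, value = line.partition(":")
        if sep and name in ("Signed-To", "Signed-Subject"):
            ctx[name] = value.strip()
    return ctx

def context_ok(raw: str, sig: str) -> bool:
    """Accept only if the signature verifies and headers match the signed context."""
    msg = message_from_string(raw)
    ctx = signed_context(msg.get_payload())
    return (body_signature_ok(raw, sig)
            and ctx.get("Signed-To") == msg["To"]
            and ctx.get("Signed-Subject") == msg["Subject"])

# Constructed sample: one signed body, delivered under two different header sets.
BODY = ("Signed-To: alice@example.org\n"
        "Signed-Subject: Lunch on Tuesday\n\n"
        "Yes, I agree. See you then.\n")
ORIGINAL = "To: alice@example.org\nSubject: Lunch on Tuesday\n\n" + BODY
REHEADERED = "To: bob@example.org\nSubject: Loan agreement\n\n" + BODY
SIG = sign_body(BODY)

if __name__ == "__main__":
    for name, raw in (("original", ORIGINAL), ("reheadered", REHEADERED)):
        print(name, body_signature_ok(raw, SIG), context_ok(raw, SIG))
```

The body-only check passes for both copies, while the context check rejects the copy whose headers no longer match what was signed.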
