PGP hole

   FWIW, it seems that a hole has been discovered in PGP 2.6.1, 2.7, 2.6,
2.3a, and most likely earlier versions as well. Apparently, it is possible
to insert cleartext within a signed message and still receive a good sig
message upon verification. Interested parties are referred to
alt.security.pgp for a rather lengthy thread on this subject. I haven't
seen anything on the cp list yet and thought those who don't read news
regularly might find this information to be useful. I can forward the
entire thread via email upon request.

=D.C. Williams	<[email protected]>