Re: A weakness in PGP signatures, and a suggested solution (long)
- Subject: Re: A weakness in PGP signatures, and a suggested solution (long)
- From: [email protected] (Hans-Joachim Zierke)
- Date: 29 Dec 1995 00:00:00 +0000
- Apparently-To: [email protected]
- Newsgroups: alt.security.pgp,mail.cypherpunks,sci.crypt
- Organization: T�pfelchen-R�cher GmbH
- References: <[email protected]>
- Sender: [email protected]
- Xref: hudson.lm.com alt.security.pgp:48592 mail.cypherpunks:23375 sci.crypt:47518
-----BEGIN PGP SIGNED MESSAGE-----
Dr. Dimitri Vulis writes:

> I suggest to the kind folks working on PGP 3 that there should be a
> standard protocol to include within the signed portion the information on
> when and for whom this text is written: i.e. the list of e-mail recipients
> and/or Usenet newsgroups, which could be easily compared with the RFC
> 822/1036 headers of an e-mail/Usenet article.

This assumes that every Usenet site uses RFC 822/1036 headers locally. This
is not a real-world assumption.

And the clearsign problem can be solved with MIME only, since currently,
the MIME 8-bit character set conversion will kill the validity of
signatures, regardless of whether they are forged or not.

Since I know this, I seldom use clearsigning. Quite simply, it does not
work, and that's a more severe problem. If an error on signature validation
is the norm, not the exception, the whole thing does not make any
sense.

hajo

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Sig validation of clearsigned 8 bit text is uncertain.
-----END PGP SIGNATURE-----
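
The character set problem raised in the message above, as an added example that is not part of the original post or of PGP: a signature covers exact octets, so a gateway that converts an 8-bit body between charsets changes what the verifier hashes, while a 7-bit transfer encoding carries the signed octets through unchanged. SHA-256 as the digest, the Latin-1 to CP437 conversion, the sample texts and all function names are assumptions chosen for illustration.

```python
import hashlib
import quopri

# Constructed samples: one body with 8-bit characters, one pure 7-bit body.
UMLAUT_TEXT = "Grüße aus Köln, bitte Signatur prüfen.\n"
ASCII_TEXT = "Greetings from Cologne, please check the signature.\n"


def digest(octets: bytes) -> str:
    """Stand-in for the hash a clearsignature covers (SHA-256 is an assumption)."""
    return hashlib.sha256(octets).hexdigest()


def gateway_recode(octets: bytes, src: str, dst: str) -> bytes:
    """Model a gateway that converts the body between two 8-bit charsets."""
    return octets.decode(src).encode(dst)


def needs_transfer_encoding(octets: bytes) -> bool:
    """True if the body has octets >= 0x80 that a charset conversion can remap."""
    return any(b >= 0x80 for b in octets)


def survives_raw(text: str, src: str, dst: str) -> bool:
    """Sign the raw 8-bit octets, recode in transit, compare digests."""
    signed = text.encode(src)
    return digest(gateway_recode(signed, src, dst)) == digest(signed)


def survives_quoted_printable(text: str, src: str, dst: str) -> bool:
    """Same transit, but the signed octets travel as 7-bit quoted-printable."""
    signed = text.encode(src)
    wire = quopri.encodestring(signed)      # only 7-bit octets on the wire
    wire = gateway_recode(wire, src, dst)   # conversion leaves ASCII untouched
    return digest(quopri.decodestring(wire)) == digest(signed)


if __name__ == "__main__":
    for name, text in (("7-bit", ASCII_TEXT), ("8-bit", UMLAUT_TEXT)):
        print(name,
              "needs encoding:", needs_transfer_encoding(text.encode("latin-1")),
              "| raw survives:", survives_raw(text, "latin-1", "cp437"),
              "| QP survives:", survives_quoted_printable(text, "latin-1", "cp437"))
```

The raw 8-bit body fails the comparison even though nobody tampered with it, which is the false validation error the post describes.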