[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: more about the usefulness of PGP




-----BEGIN PGP SIGNED MESSAGE-----

Cool stuff, Matthew.  You've gotta think about replay and delay
attacks though.  A good start is to include a time-stamp in the
authenticated message (I'm not sure if PGP's built-in timestamp
is authenticated.  Anyone?), save the latest timestamp which you
have authenticated, and reject messages unless they have an 
authenticated time-stamp later than that one.


What fun!  Keep me informed.


Regards,

Bryce



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMeORJ0jbHy8sKZitAQF/zgL9EbVUojASbX/TAY6YrS6hzUYR+6sE7bHI
x01b12Yt2mQzWq//t636ROO1hzM/in9Co5jWjRhN6pQSnjNVI+OQC8iGw1eZm2c/
/lZ/MCqN+T5UvGgzNc62HyAWBZ9fIm/9
=2MGB
-----END PGP SIGNATURE-----