From: galactus@stack.urc.tue.nl (Arnoud “Galactus” Engelfriet)
To: N/A
Message Hash: b8891d18a8c378f51526c3033ad34cca2bb516d636ea746ec7b632d9e48682f9
Message ID: <FIs9w4uYOdBC089yn@stack.urc.tue.nl>
Reply To: <199601030407.UAA12551@comsec.com>
UTC Datetime: 1996-01-14 21:49:19 UTC
Raw Date: Sun, 14 Jan 96 13:49:19 PST
From: galactus@stack.urc.tue.nl (Arnoud "Galactus" Engelfriet)
Date: Sun, 14 Jan 96 13:49:19 PST
Subject: Re: A weakness in PGP signatures, and a suggested solution (long)
In-Reply-To: <199601030407.UAA12551@comsec.com>
Message-ID: <FIs9w4uYOdBC089yn@stack.urc.tue.nl>
MIME-Version: 1.0
Content-Type: text/plain
-----BEGIN PGP SIGNED MESSAGE-----
In article <Pine.ULT.3.91.960112020051.6769E-100000@Networking.Stanford.EDU>,
Rich Graves <llurch@Networking.Stanford.EDU> wrote:
> An easy short-term partial solution would be to modify mailcrypt, bap, or
> whatever front end you use to automatically put the current date and (a
> shortened form of) the To: or Newsgroups: header into the PGP signature
> Comments: line.
That line can be clipped off by everyone, without even so much as a peep
from PGP. Perhaps a better solution would be to copy the To: and
Newsgroups: headers into the body of the message?
Galactus
- --
To find out more about PGP, send mail with HELP PGP in the SUBJECT line to me.
E-mail: galactus@stack.urc.tue.nl - Please PGP encrypt your mail if you can.
Finger galactus@turtle.stack.urc.tue.nl for public key (key ID 0x416A1A35).
Anonymity and privacy page: <http://www.stack.urc.tue.nl/~galactus/remailers/>
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
iQCVAgUBMPbYTDyeOyxBaho1AQGtvAQA2bVrvx7Argv/MjjA7cOGpJNzV0AGg96J
PvOsknNKfUj9n/gRLDNlGeL+j8wcdpgpdv1h2udmL582nv1T6r/m1ZI6wxedDUvk
eGt+KpNKijXuTdXRTvdVV/Wxahk2/3TgoA0U40CZmm1s1Ckk506T1dkGkt19UsvO
/5sBQ/eKUhY=
=S/aM
-----END PGP SIGNATURE-----
Return to January 1996
Return to “Rich Graves <llurch@Networking.Stanford.EDU>”