From: bryce@digicash.com
Date: Wed, 10 Jul 1996 22:26:58 +0800
To: Matthew Carpenter <mcarpent@mailhost.tcs.tulane.edu>
Subject: Re: more about the usefulness of PGP
In-Reply-To: <199607092115.QAA78592@rs6.tcs.tulane.edu>
Message-ID: <199607101116.NAA17386@digicash.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

Cool stuff, Matthew.  You've gotta think about replay and delay
attacks though.  A good start is to include a time-stamp in the
authenticated message (I'm not sure if PGP's built-in timestamp
is authenticated.  Anyone?), save the latest timestamp which you
have authenticated, and reject messages unless they have an 
authenticated time-stamp later than that one.


What fun!  Keep me informed.


Regards,

Bryce




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMeORJ0jbHy8sKZitAQF/zgL9EbVUojASbX/TAY6YrS6hzUYR+6sE7bHI
x01b12Yt2mQzWq//t636ROO1hzM/in9Co5jWjRhN6pQSnjNVI+OQC8iGw1eZm2c/
/lZ/MCqN+T5UvGgzNc62HyAWBZ9fIm/9
=2MGB
-----END PGP SIGNATURE-----