Vulnerability Development mailing list archives
Re: PGP Signed Messages
From: Stephen Waters <swaters () amicus com>
Date: 15 Oct 2001 23:24:04 -0500
Not to start a big, huge thread about "well my client does yadda yadda", but I find that Evolution has very nice PGP integration. It works nearly transparently with gpg under Linux, going and doing all the boring work for me. Well, assuming the signature was attached ala the relevant RFC. If it's an inline signature, you have to manually check it... which I don't, generally. http://ximian.com/products/ximian_evolution/ No, I don't work for Ximian, I just dig the client. -s pgp newbie On Mon, 2001-10-15 at 16:32, Kurt Seifried wrote:
SIGNATURE-----). If people don't bother to check the signature (very very very common!) then it doesn't matter much. Iused to sign all my email with PGP for a while, then started forging them and no-one complained. Hell, I've seen security alerts with totally messed up MD5 sums/signatures/etc/etc and after notifying the appropriate people typically gotten a "yeah we made a mistake, but only 3 people noticed". One reason for X.509 instead of PGP for email, clients automatically check stuff and display a nasty warning (in outlook anyways) if it isn't signed right, has been modified/etc. Also another reason why you should ENCRYPT sensitive data aswell as sign it.
Attachment:
_bin
Description:
Current thread:
- PGP Signed Messages [Segmen] (Oct 15)
- RE: PGP Signed Messages Ben Setnick (Oct 15)
- Re: PGP Signed Messages prime evil (Oct 15)
- Re: PGP Signed Messages Kurt Seifried (Oct 15)
- Re: PGP Signed Messages Stephen Waters (Oct 15)
- Re: PGP Signed Messages Phil Cracknell (Oct 16)
- Re: PGP Signed Messages Jack Lloyd (Oct 16)
- Re: PGP Signed Messages Kurt Seifried (Oct 17)
- Re: PGP Signed Messages White Vampire (Oct 15)
- Re: PGP Signed Messages Wraith Slayer (Oct 15)
- Re: PGP Signed Messages Dennis V. Kudin (Oct 17)
- <Possible follow-ups>
- Re: PGP Signed Messages [Segmen] (Oct 15)
- Re: PGP Signed Messages Peter Gutmann (Oct 17)