Hi, >Basically our customer required us to encrypt any team communications. So we >used PGP with email. I know the body of the email was encrypted, and I >believe attachments were too. The certs were used to "automate" the >decryption. Basically the PGP plugin would check the incoming mail's sender >email name and try to find a local cert that had the same email name in it.
Hmm, that sounds like broken software then, since the (probabilistically) unique keyID to locate the appropriate decryption or signature verification key is included in the message/signature - you never have to look at the From: address, and indeed trying to use it for key lookups would be a recipe for disaster because of the problems you pointed out. Peter. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]