On Fri, Sep 15, 2006 at 08:49:31PM +1200, Peter Gutmann wrote: > When I fired up Firefox a few minutes ago it told me that there was > a new update available to fix security problems. I thought, "Hmm, I > wonder what that would be...". It's interesting to note that we now > have fixes for many of the OSS crypto apps (OpenSSL, gpg, Firefox
GPG was not vulnerable, so no fix was issued. Incidentally, GPG does not attempt to parse the PKCS/ASN.1 data at all. Instead, it generates a new structure during signature verification and compares it to the original. David --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
