> My proposal doesn't have this problem. I want the manifest to summarize the
> entire content of the message, including sha256 (or whatever is considered
> good) fingerprints of each part.

1) What does a checksum add beyond the OpenPGP Modification Detection Code 
(MDC)?

2) Why doesn't an attacker replace the checksum?

Anyway, if you really care about your recipient getting what you sent, you
should simply sign, IMHO, due to 2).

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
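
Point 2) of the message above, as an added example that is not part of the original post: a bare manifest of SHA-256 fingerprints can be recomputed by whoever alters a part, while an authenticated manifest cannot. HMAC-SHA256 with a constructed key stands in for an OpenPGP signature here (an assumption, since Python's standard library has no public-key signing); all function names and sample parts are hypothetical.

```python
import hashlib
import hmac
import json

def build_manifest(parts):
    """Map each part name to the SHA-256 fingerprint of its bytes."""
    return {name: hashlib.sha256(data).hexdigest() for name, data in parts.items()}

def verify_manifest(parts, manifest):
    """True only if every part matches its fingerprint, with none missing or extra."""
    return build_manifest(parts) == manifest

def seal(manifest, key):
    """Authenticate the manifest. HMAC stands in for a real signature (assumption)."""
    blob = json.dumps(manifest, sort_keys=True).encode()
    return hmac.new(key, blob, hashlib.sha256).hexdigest()

def verify_sealed(parts, manifest, tag, key):
    """Check the tag over the manifest first, then the per-part fingerprints."""
    return hmac.compare_digest(seal(manifest, key), tag) and verify_manifest(parts, manifest)

def tamper(parts):
    """A party without the key alters one part and recomputes the manifest."""
    altered = dict(parts)
    altered["body.txt"] = b"Pay 9000 EUR to account B"
    return altered, build_manifest(altered)

# Constructed sample message parts and key (not from the thread)
PARTS = {"body.txt": b"Pay 100 EUR to account A", "invoice.pdf": b"%PDF-1.4 constructed"}
KEY = b"constructed-demo-key"

def demo():
    manifest = build_manifest(PARTS)
    tag = seal(manifest, KEY)
    forged_parts, forged_manifest = tamper(PARTS)
    return {
        "original_ok": verify_sealed(PARTS, manifest, tag, KEY),
        # The recomputed manifest is self-consistent, so a bare checksum check passes.
        "bare_manifest_accepts_forgery": verify_manifest(forged_parts, forged_manifest),
        # The old tag does not cover the recomputed manifest, so this fails.
        "sealed_manifest_accepts_forgery": verify_sealed(forged_parts, forged_manifest, tag, KEY),
        # Checksums only help if the original manifest itself cannot be replaced.
        "old_manifest_matches_altered_parts": verify_manifest(forged_parts, manifest),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Unlike a signature, an HMAC tag can also be produced by the recipient, since both sides hold the same key; the example only shows why the manifest needs authentication that a third party cannot recompute.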
