-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
As one of the developers of the Outlook PGP plug-in, I feel I need to
correct a misunderstanding:
Ryan Lackey wrote:
> What MS Outlook appears to do is display status information about
> signature checking on messages in the mail message frame itself
> What MS Outlook appears to do is display status information about
> signature checking on messages in the mail message frame itself,
> indistinguishable from ordinary text. The obvious attack is to send
> a user unsigned mail (it could be encrypted, to add additional
> legitimacy to the att
The important points were
>Btw -- large password files using anything like this scheme are obsolescent.
>You can't use a hashed password for challenge/response,
>The fundamental problem is that users pick bad passwords and passphrases ...
Yup. I like S/Key better than the annoying SecureID
In <[EMAIL PROTECTED]>, on 06/05/99
at 06:39 PM, Ryan Lackey <[EMAIL PROTECTED]> said:
>What MS Outlook appears to do is display status information about
>signature checking on messages in the mail message frame itself,
>indistinguishable from ordinary text. The obvious attack is to send a
>
Recently I had my first direct contact with the Microsoft Outlook
MUA. Many people have praised its integration with PGP, internal
passwords, scheduling features, and user interface. I've always
associated Outlook with the numerous "macro exploits" discovered
and successfully exploited for the p
-BEGIN PGP SIGNED MESSAGE-
At 09:58 PM 6/5/99 -0400, Ryan Lackey wrote:
>I saw a piece of news which increased my interest in Outlook --
allegedly,
>microsoft is preparing a version for UNIX as part of a US DoD
contract
>which specifies UNIX as a messaging platform (for security reasons,
