have been away for a while, and did not have a chance to respond to
the discussion about the comment and version fields
(and yes, i agree that the proper place would be the ietf wg
but they are currently involved in trying to get the rfc revision
through,
and might not want to consider other
Hi!
[EMAIL PROTECTED] schrieb:
> The "comment" and "version" armor fields are both essentially
> comments, and are ignored by the OpenPGP protocol. You can change
> either of them to whatever you like.
>
> ---
>
> ... That seems to defeat the reason for signing
> as the common person would assum
On Tue, 3 Apr 2007 17:57, [EMAIL PROTECTED] said:
> It is well known to people who have followed PGP & GPG for years, some
> who didn't watch as well will see that this 'flaw' has been patched on
> multiple occasions so it is nothing to worry about.
It is not a flaw but a requirement of the stan
Stan Rydzewski wrote:
>> Not that I take much glee in knowing there are things I can read on
>> linux that Windows users can't, but I thought that the man pages were
>> generally included with the windows builds and you could open them
>> with a text editor.
>
> Yes. They don't format as nicely,
Robert J. Hansen wrote:
> Matt <[EMAIL PROTECTED]> wrote:
>
> Please, if you want to continue to beat this drum, please beat it in
> front of the right people.
>
>> Fixing the RFC is probably not an option, but being more clear in user
>> documentation is. Not just the official GnuPG manual, but
On Tue, Apr 03, 2007 at 09:57:25AM -0600, Matt wrote:
> I buy a drill, I know a hand crank or motor turns the bit, and the bit
> makes holes. I buy a refrigerator, its job is to keep food cool, I have
> no idea how it turns electricity into cooling - and it is not addressed
> in the manual, as lo
Todd Zullinger wrote:
> Matt wrote:
>
>> There are man pages, which can't be read under windows
>
> Not that I take much glee in knowing there are things I can read on
> linux that Windows users can't, but I thought that the man pages were
> generally included with the windows builds and you coul
On Mon, Apr 02, 2007 at 12:40:18PM +0300, [EMAIL PROTECTED] wrote:
> p.s. of course I've altered his clearsigned post in this
> example. But it would still verify properly. This is my point.
The premise of the argument is false. You didn't alter his
clearsigned post.
David
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Remco Post wrote:
> Now, this is true for you and me. Now, take my secretary as an example.
> She has not installed any pgp/gpg aware software, nor is she an
> experienced user of cryptographic tools. Do you expect her to correctly
> interpret these
Robert J. Hansen wrote:
>> Does it say that the comment lines I read
>> in the (clearsigned) message before running it through GPG are not
>> part
>> of the signed message, that any third party between the sender and me
>> could have altered them?
>
> I would think the line "- BEGIN PGP SIGNAT
> Not that I take much glee in knowing there are things I can read on
> linux that Windows users can't, but I thought that the man pages were
> generally included with the windows builds and you could open them
> with a text editor.
Yes. They don't format as nicely, but you can read them. In any
Matt wrote:
> Now I haven't read the OpenPGP RFC, but if it is anything like the other
> RFCs that I've looked at (but been unable to read) its language is the
> worst possible combination between a lawyer and an engineer. Designed to
> kill all interest in the subject before getting down to the su
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
> Does it say that the comment lines I read
> in the (clearsigned) message before running it through GPG are not
> part
> of the signed message, that any third party between the sender and me
> could have altered them?
I would think the line "
Robert J. Hansen wrote:
> This is a nonissue. I can't think of a stronger way to put it. The
> mutability of the comment and version string is well known and
> clearly documented in the RFC.
It is well known to people who have followed PGP & GPG for years, some
who didn't watch as well will see
On Monday 02 April 2007 17:34, Werner Koch wrote:
> On Mon, 2 Apr 2007 17:15, [EMAIL PROTECTED] said:
> > No, you're misunderstanding me. I'm not concerned with the
> > technical user who posts a question to a news list and understands
> > the issue. I'm wondering about the non-technical (business
> No, you're misunderstanding me. I'm not concerned with the
> technical user who posts a question to a news list and understands
> the issue. I'm wondering about the non-technical (business) user
> who gets a plug-in for his email client and then misinterprets a
> modified signature block
On Mon, 2 Apr 2007 17:15, [EMAIL PROTECTED] said:
> No, you're misunderstanding me. I'm not concerned with the technical
> user who posts a question to a news list and understands the
> issue. I'm wondering about the non-technical (business) user who
> gets a plug-in for his email client and then
Robert J. Hansen wrote:
>> p.s. of course I've altered his clearsigned post in this example.
>> But it would still
>> verify properly. This is my point.
>
> This is a nonissue. I can't think of a stronger way to put it. The
> mutability of the comment and version string is well known and
>
Original Message
From: "Robert J. Hansen" <[EMAIL PROTECTED]>
Cc: GnuPG users
Subject: Re: comment and version fields.
Date: Mon, 2 Apr 2007 09:46:12 -0500
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> > p.s. of course I've
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
> p.s. of course I've altered his clearsigned post in this example.
> But it would still
> verify properly. This is my point.
This is a nonissue. I can't think of a stronger way to put it. The
mutability of the comment and version string is we
Original Message
From: "Robert J. Hansen" <[EMAIL PROTECTED]>
Cc: GnuPG users
Subject: Re: comment and version fields.
Date: Sun, 1 Apr 2007 15:05:37 -0500
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> > > fields. I suppose it's futile to
From: Sven Radde <[EMAIL PROTECTED]>
Date: Mon, 02 Apr 2007 10:19:25 +0200
> Hi!
>
> [EMAIL PROTECTED] schrieb:
> > The "comment" and "version" armor fields are both essentially
> > comments, and are ignored by the OpenPGP protocol. You can change
> > either of them to whatever you like.
> >
> > .
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
> fields. I suppose it's futile to try to change a standard but it
> seems that it might be very damaging indeed to have a signed
> message altered after signing. That seems to defeat the reason for
> signing as the common person would assume th
Date: Tue, 27 Mar 2007 23:25:58 -0400
On Wed, Mar 28, 2007 at 03:03:39AM +0300, [EMAIL PROTECTED] wrote:
> Greetings all,
>
> I came upon something a bit odd in gnupg 1.4.7. I found I can change
> the comment field in a signed message to be whatever I like. I
> should think this is a bad thing as