[21220] in bugtraq
Re: crypto flaw in secure mail standards
daemon@ATHENA.MIT.EDU (Tollef Fog Heen)
Wed Jun 27 18:55:24 2001
To: "Riad S. Wahby" <rsw@mit.edu>
Cc: bugtraq@securityfocus.com
Mail-Copies-To: never
From: Tollef Fog Heen <tollef@add.no>
Date: 27 Jun 2001 14:49:48 +0200
In-Reply-To: <20010624005102.A21764@positron.mit.edu>
Message-ID: <87k81yjdeb.fsf@arabella.dep.no>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
* "Riad S. Wahby"
| Derek Atkins <warlord@MIT.EDU> wrote:
| > The problem is not at all with the crypto. The problem is with the
| > integration of the crypto with applications like e-mail.
|
| In this spirit, I have produced a patch for Mutt that adds an option
| to include the To:, From:, CC:, and Subject: headers at the end of PGP
| signed messages.
Another way to do it is to sign the headers as well. Look at
signcontrol from INN, which could probably be modified for this
purpose.
--
Tollef Fog Heen
You Can't Win
