Bugtraq mailing list archives

Re: crypto flaw in secure mail standards

From: "Riad S. Wahby" <rsw () mit edu>
Date: Sun, 24 Jun 2001 00:51:02 -0400

Derek Atkins <warlord () MIT EDU> wrote:

The problem is not at all with the crypto.  The problem is with the
integration of the crypto with applications like e-mail.


In this spirit, I have produced a patch for Mutt that adds an option
to include the To:, From:, CC:, and Subject: headers at the end of PGP
signed messages.

This patch happens to interact somewhat with a previous patch I
produced that allows Mutt to optionally send PGP messages as
content-type text/plain for broken mail clients like nmh and Eudora,
so I have integrated both into a single patch.  

It applies against mutt-1.2.5i; I haven't tested it against others,
but I suspect it should work fine.

http://positron.mit.edu/pub/plaintextappend.patch
ftp://positron.mit.edu/pub/plaintextappend.patch

--
Riad Wahby
rsw () mit edu
MIT VI-2/A 2002

5105

Current thread:

crypto flaw in secure mail standards Don Davis (Jun 22)
- Re: crypto flaw in secure mail standards Gregory Steuck (Jun 22)
- Re: crypto flaw in secure mail standards David Howe (Jun 22)
- Re: crypto flaw in secure mail standards Florian Weimer (Jun 24)
- <Possible follow-ups>
- crypto flaw in secure mail standards Don Davis (Jun 24)
- Re: crypto flaw in secure mail standards David Howe (Jun 24)
  - Re: crypto flaw in secure mail standards Jim Halfpenny (Jun 25)
- Re: crypto flaw in secure mail standards Riad S. Wahby (Jun 24)
  - Re: crypto flaw in secure mail standards Tollef Fog Heen (Jun 27)
- Re: crypto flaw in secure mail standards Richard Atterer (Jun 28)
  - Re: crypto flaw in secure mail standards Robert Bihlmeyer (Jun 29)