Vulnerability Development mailing list archives

Re: PGP Signed Messages


From: White Vampire <whitevampire () mindless com>
Date: Mon, 15 Oct 2001 16:30:11 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, Oct 15, 2001 at 04:27:33PM +0100, Segmen <dontpanic999 () yahoo com> wrote:
It occurred to me today what a bad idea the Comment Field is in PGP signed
messages. Altering the Comment field does not affect the validity of the
signature, but to the non-experienced PGP/GPG user it certainly appears to
be part of the message.
<snip>

        It is a minimal concern.  Ben raised a valid point for those
using plugins and/or automatic processing.  For those who use plaintext
e-Mail only, they are frequently intelligent enough to realize the
horrid syntax issues.

        Regardless, it is fairly evident upon reading.  Those who would
fall for it would likely not verify the PGP signature in the first
place, which would leave them in a bad situation regardless.

Regards,
- -- 
\   | \  /  White Vampire\Rem                |  http://gammaforce.org/
 \|\|  \/   whitevampire () mindless com        |  http://gammagear.com/
"Silly hacker, root is for administrators."  |  http://webfringe.com/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.5 (GNU/Linux)

iD8DBQE7y0dT3+rxmnEDyl8RAleIAKDHOhG1DkDBwjzcqtQvyFg3qZjdlwCaAqJ+
SoNXPHSJA1IzLoFFYUY7prg=
=I0jQ
-----END PGP SIGNATURE-----
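
For the plugin and automatic-processing case raised in the message above, an added example (not part of the original post) that splits a clearsigned message into the text the signature covers and the armor headers, such as Comment, that it does not cover, so a mail tool can display them separately. It assumes the RFC 4880 cleartext signature layout, the sample message and its signature data are constructed placeholders, and it does not verify the signature itself.

```python
BEGIN_MSG = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"
END_SIG = "-----END PGP SIGNATURE-----"

def _first_blank(lines, start, stop):
    """Index of the first blank line in lines[start:stop]; it ends an armor header block."""
    for i in range(start, stop):
        if not lines[i].strip():
            return i
    raise ValueError("armor header block is not terminated by a blank line")

def _headers(lines):
    """Parse 'Key: Value' armor header lines into (key, value) pairs."""
    return [tuple(p.strip() for p in l.split(":", 1)) for l in lines if ":" in l]

def split_clearsigned(message):
    """Split a clearsigned message into signed text and unauthenticated parts."""
    lines = message.splitlines()
    start = lines.index(BEGIN_MSG)          # ValueError if not clearsigned
    sig = lines.index(BEGIN_SIG, start)
    end = lines.index(END_SIG, sig)
    body = _first_blank(lines, start + 1, sig) + 1
    sig_blank = _first_blank(lines, sig + 1, end)
    # Signed text: undo dash-escaping ("- " prefix), drop trailing spaces/tabs.
    signed = [(l[2:] if l.startswith("- ") else l).rstrip(" \t")
              for l in lines[body:sig]]
    return {
        "signed_text": "\n".join(signed),
        # Everything below is NOT covered by the signature: label it as such.
        "hash_headers": _headers(lines[start + 1:body - 1]),
        "signature_headers": _headers(lines[sig + 1:sig_blank]),
        "outside": [l for l in lines[:start] + lines[end + 1:] if l.strip()],
    }

# Constructed sample; the signature data is a placeholder, not a real signature.
SAMPLE = """-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Meet at noon.
- --
Alice
-----BEGIN PGP SIGNATURE-----
Version: ExamplePGP 0.0
Comment: {comment}

PLACEHOLDERSIGNATUREDATA
-----END PGP SIGNATURE-----
"""
```

Two copies of `SAMPLE` that differ only in the Comment value yield the same `signed_text`, which is the input a verifier would check; the Comment appears only under `signature_headers`.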

