On Sun, Apr 01, 2007 at 01:04:12PM -0500, Manoj Srivastava wrote: > On Sun, 1 Apr 2007 18:11:38 +0200, Michal Čihař <[EMAIL PROTECTED]> said:
> > Hello On Fri, 30 Mar 2007 11:02:49 -0500 > > Manoj Srivastava <[EMAIL PROTECTED]> wrote: > >> It turns out that it was indeed encrypted, but the message was not > >> signed; which means there is no information about who is sending > >> the ballot. This is a legitimate addition to the ballot; I'll point > >> it out in the next CFV. > > It of course was signed, > No, it was not. The body of the encrypted but not signed email > contained a signed vote, but the email itself was not signed. Hrm, is there really an RFC that specifies encryption before signing? That would violate the expectation that people other than the intended recipient of the mail should not be able to verify the source. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. [EMAIL PROTECTED] http://www.debian.org/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
