David Srbecky dsrbecky at gmail.com
Thu Aug 11 18:19:54 CEST 2005 wrote:
] I have payed with the idea of using experimental subpackets
] of 'User Attribute Packet' and here is what I came up with:
] Named Attribute Subpacket (type 100)
] Datatypes:
0 - reserved
1 - no data (it is just named flag)
2 - boolean
3 - integer
4 - UTF8 string
5 - URL
6 - image
7 - binary
8 - binary file
100-110 - private or experimental use
] NB: Binary type holds just some unspecified binary data.
] On the other hand, binary file type holds file that can
] be saved to disk and the name
] of the attribute represents its filename.
doesn't this pose some risk of exploit ?
suppose someone wants to put a malicious executable
as part of the packet,
and gives it some interesting name,
sends a pgp signed e-mail or posts a clearsigned message,
and gets people to download the key from a keyserver
to verify the signature
is there anything in gnupg that would prevent the running of the
executable?
(i.e. is the key just 'ignored' or 'refused'
as 'key with unsupported packet type' ?
and can this protect against some type of malware corrupting the
system,
just by getting gnupg to 'check' the packet ?)
vedaal
Concerned about your privacy? Follow this link to get
secure FREE email: http://www.hushmail.com/?l=2
Free, ultra-private instant messaging with Hush Messenger
http://www.hushmail.com/services-messenger?l=434
Promote security and make money with the Hushmail Affiliate Program:
http://www.hushmail.com/about-affiliate?l=427
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
