[EMAIL PROTECTED] wrote:
> It's either a GnuPG problem or an RFC problem.

It could also be a PEBKAC. :)

> It's possible to add or remove or modify text in a clearsigned
> message. If that's what the RFC allows, then the RFC is broken. If
> the RFC doesn't allow it then GnuPG is broken.

It is neither.  You can change a comment field which is not used for
any cryptographic purpose.

This is not a GnuPG problem, therefore by your logic it must be a
problem with the RFC.  In that case, please direct further mail to the
openpgp working group.

> This kind of sloppy exposure is out of place in the product/RFC.
> Making excuses or trying to explain around it or blame it on email
> clients is silly and not fooling anyone.

Perhaps the comment field should simply be renamed to "this is only a
comment, it's not part of the signed message so you shouldn't infer
that it is secured:".  Or, if you don't like the comment field, don't
set it in your gpg config.

-- 
Todd        OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
======================================================================
It seems such a pity that Noah and his party did not miss the boat.
    -- Mark Twain


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
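
Added example, not part of the original message and not GnuPG code: a small parser for the cleartext signature layout of RFC 4880 section 7, showing which parts of a clearsigned message are signed text and which are armor headers such as Comment. The function names are hypothetical and the sample message is constructed, with placeholder signature data.

```python
# Constructed sample; the armor data is a placeholder, not a real signature.
SAMPLE = """\
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Shopping list:
- - bread
Alice
-----BEGIN PGP SIGNATURE-----
Comment: this line is outside the signature

PLACEHOLDERSIGNATUREDATA
=XXXX
-----END PGP SIGNATURE-----
"""


def split_clearsigned(text):
    """Return (hash_headers, signed_text, armor_headers, armor_body).

    Raises ValueError if a marker or separating empty line is missing.
    """
    lines = text.splitlines()
    start = lines.index("-----BEGIN PGP SIGNED MESSAGE-----")
    sig = lines.index("-----BEGIN PGP SIGNATURE-----", start)
    end = lines.index("-----END PGP SIGNATURE-----", sig)
    blank = lines.index("", start, sig)        # ends the Hash headers
    hash_headers = lines[start + 1:blank]
    if any(not h.startswith("Hash:") for h in hash_headers):
        raise ValueError("unexpected header before the cleartext")
    # Undo dash-escaping, then canonicalise the way the signature is computed:
    # trailing spaces/tabs dropped, lines joined with CRLF, and no line ending
    # after the last line.
    body = [l[2:] if l.startswith("- ") else l for l in lines[blank + 1:sig]]
    signed_text = "\r\n".join(l.rstrip(" \t") for l in body)
    sig_blank = lines.index("", sig, end)      # ends the armor headers
    return hash_headers, signed_text, lines[sig + 1:sig_blank], lines[sig_blank + 1:end]


def same_signed_content(a, b):
    """True if two messages have identical signed text and signature data."""
    _, text_a, _, data_a = split_clearsigned(a)
    _, text_b, _, data_b = split_clearsigned(b)
    return text_a == text_b and data_a == data_b


if __name__ == "__main__":
    edited = SAMPLE.replace("this line is outside the signature", "edited")
    print(same_signed_content(SAMPLE, edited))    # comment changed only
    print(split_clearsigned(SAMPLE)[1].split("\r\n"))
```

A viewer that wants to show only authenticated content would display signed_text and keep the armor headers out of it.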
