Hi!

Robert J. Hansen wrote:
> It is not feasible to undetectably remove, add, or modify text in a
> clearsigned message.
>
> Your example adds, modifies, etc., text in the _signature_.
>
> The _message_ remains protected.

It should have become clear by the course of the discussion that not everybody is aware of this (arguably) subtle distinction. I assume that it would be even less the case for GnuPG users that do not follow this list (i.e. non-geeks, a.k.a. end-users, no offense intended :-). I thought myself to be quite an adept user of GnuPG but did not realize that Comment lines could be freely altered. Congrats to everyone who was actively aware of the fact before this discussion was brought up here, but, IMHO, said group would have been limited to the developers or other deeply involved people.

On the other hand, the implications of this are not so serious as to make a huge fuss about it. I would suggest to include a suitable paragraph into the man-pages and other end-user targeted documentation on gnupg.org. While an end-user cannot be expected to read an RFC, the man-page is surely not beyond his/her reach.

cu, Sven
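
The message/signature distinction discussed in this thread, as an added example that is not part of the original post: a small parser that separates the text a clearsignature covers from the armor header lines (such as Comment) that lie outside it, following the cleartext signature framework of RFC 4880. The sample message, its placeholder signature body and the function names are constructed for illustration.

```python
# Added example. SAMPLE is constructed; its signature body is a placeholder,
# so this shows what a clearsignature covers, it does not verify anything.
SAMPLE = """\
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Pay Bob 10 EUR.
- -- Alice
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: original comment

PLACEHOLDER0BASE64==
-----END PGP SIGNATURE-----
"""

def _headers(lines):
    """Split a block into (armor header lines, remainder) at the first empty line."""
    blank = lines.index("")  # ValueError here means the armor is malformed
    return lines[:blank], lines[blank + 1:]

def split_clearsigned(text):
    """Return (covered_text, unauthenticated_headers) for one clearsigned message."""
    lines = text.splitlines()
    start = lines.index("-----BEGIN PGP SIGNED MESSAGE-----")
    sig = lines.index("-----BEGIN PGP SIGNATURE-----", start)
    end = lines.index("-----END PGP SIGNATURE-----", sig)
    msg_headers, body = _headers(lines[start + 1:sig])
    sig_headers, _packet = _headers(lines[sig + 1:end])
    covered = []
    for line in body:
        if line.startswith("- "):           # undo dash-escaping
            line = line[2:]
        covered.append(line.rstrip(" \t"))  # trailing blanks are not hashed
    # Canonical form uses CRLF; the line break before the signature is excluded.
    return "\r\n".join(covered), msg_headers + sig_headers

def same_signed_text(a, b):
    """True when two clearsigned messages carry identical covered text."""
    return split_clearsigned(a)[0] == split_clearsigned(b)[0]

if __name__ == "__main__":
    text, headers = split_clearsigned(SAMPLE)
    print("covered by the signature:", repr(text))
    print("outside the signature:   ", headers)
```

A mail client or review tool can use the second return value to mark those header lines as unauthenticated when it displays a verified message.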