On Wed, 12 Jan 2011 10:01:17 +0000, Nicholas Cole wrote: > That thread is clearly right about the bulk of the paper, which is > clearly an attack on the user of the crypto. Signing ambiguous > messages is not a good idea! But what about the suggestion they made > in section 1.2 about not signing crypt texts? Am I right that openpgp > always encrypts signed text, rather than signing encrypted text, and > so is not vulnerable at all?
Yes, OpenPGP encrypts signed text rather than signing encrypted text. -Paul -- PGP Key ID: 0x3DB6D884 PGP Fingerprint: EBA7 88B3 6D98 2D4A E045 A9F7 C7C6 6ADF 3DB6 D884 _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
