> If I read it correctly, it also has another attack, no longer based on > user agents concatenating HTML mime parts, but also based on CFB > gadgets. Which, here, looks like a flaw in the OpenPGP specification > indeed (and thus GnuPG's implementation of it), and not in MUAs?
MDCs stop it dead. If a message has no MDC or an invalid MDC, GnuPG _will_ warn you about it. Now, whether your email client does the right thing upon being warned, that's between you and your email client... _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users