Re: Anybody know details about Schneier's "flaw"?

"Adrian 'Dagurashibanipal' von Bidder" <avbidder@fortytwo.ch> Mon, 19 August 2002 11:40 UTC

To: ietf-openpgp@imc.org
Date: Mon, 19 Aug 2002 13:34:46 +0200

[please leave attribution in when replying]

On Mon, 2002-08-19 at 11:49, Dominikus Scherkl wrote:

> > The mistake here, on Bob's part, is to reply to a message without
> > paying attention to the e-mail address being used
[...]

> The whole attack looks very suspicious to me...

I guess the correct 'solution' to prevent the 'attack' would be to file
bug reports with gpg-aware mail clients that do not at least display a
warning when replying to/forwarding an originally encrypted message
unencrypted.

cheers
-- vbi

-- 
secure email with gpg                         http://fortytwo.ch/gpg
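
The warning suggested in the message above, sketched as an added example (not part of the original post and not code from any mail client). The function names and the sample messages are constructed for illustration, and it assumes the client has both the original and the outgoing message as parsed objects.

```python
from email import message_from_string
from email.message import Message

ARMOR = b"-----BEGIN PGP MESSAGE-----"

def is_pgp_encrypted(msg: Message) -> bool:
    """True for PGP/MIME (RFC 3156) or an inline ASCII-armored message."""
    proto = msg.get_param("protocol")
    if (msg.get_content_type() == "multipart/encrypted"
            and isinstance(proto, str)
            and proto.lower() == "application/pgp-encrypted"):
        return True
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            body = part.get_payload(decode=True) or b""
            # Match the armor header only as a whole line, so a quoted
            # "> -----BEGIN ..." line does not count as ciphertext.
            if any(line.strip() == ARMOR for line in body.splitlines()):
                return True
    return False

def reply_warning(original: Message, outgoing: Message):
    """Return warning text if an encrypted message is answered in cleartext, else None."""
    if is_pgp_encrypted(original) and not is_pgp_encrypted(outgoing):
        return ("The message you are replying to or forwarding was "
                "encrypted, but this message will be sent unencrypted.")
    return None

# Constructed sample messages (placeholder ciphertext, no real key material).
ORIGINAL = message_from_string("""\
Subject: plans
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b"

--b
Content-Type: application/pgp-encrypted

Version: 1

--b
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----
placeholder
-----END PGP MESSAGE-----
--b--
""")
PLAIN_REPLY = message_from_string("Subject: Re: plans\n\n> quoted decrypted text\nok\n")
```

A client would call `reply_warning()` just before sending and show the returned text to the user when it is not `None`.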