Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: NEVER open attachments
From: Valdis.Kletnieks () vt edu
Date: Fri, 19 Mar 2004 14:42:58 -0500

On Fri, 19 Mar 2004 14:27:53 EST, you said:

Valdis.Kletnieks () vt edu <Valdis.Kletnieks () vt edu>, Nico Golde, Frank Knobbe,
et al have wonderful things to say and contribute great things to this list,
but i have never read anything they post because they post as attachments.

PGP signed messages are not executable attachments.

See the following RFCs:

1847 Security Multiparts for MIME: Multipart/Signed and
     Multipart/Encrypted. J. Galvin, S. Murphy, S. Crocker, N. Freed.
     October 1995. (Format: TXT=23679 bytes) (Status: PROPOSED STANDARD)
2015 MIME Security with Pretty Good Privacy (PGP). M. Elkins. October
     1996. (Format: TXT=14223 bytes) (Updated by RFC3156) (Status:
2440 OpenPGP Message Format. J. Callas, L. Donnerhacke, H. Finney, R.
     Thayer. November 1998. (Format: TXT=141371 bytes) (Status: PROPOSED
3156 MIME Security with OpenPGP. M. Elkins, D. Del Torto, R. Levien,
     T. Roessler. August 2001. (Format: TXT=26809 bytes) (Updates RFC2015)


If anything, you should *encourage* the use of PGP or S/MIME to sign mail,
because even if my machine gets whacked by a virus and starts spewing correctly
signed mail, you will *know* it's my machine doing it and not some
address-scraping virus on a machine in Zanzibar or someplace.

Attachment: _bin

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]