
Full Disclosure mailing list archives

RE: NEVER open attachments
From: "Bill Royds" <full-disclosure () royds net>
Date: Sat, 20 Mar 2004 22:16:02 -0500

My problem with signed messages is that verification often doesn't work
since the key servers are often not in sync with public keys. For example,
here is GnuPG applied to a message by Jim Richardson a little earlier today:

C:\temp>C:\GnuPG\gpg --keyserver "hkp://subkeys.pgp.net" --verify signature.asc fD-signed.txt
gpg: Signature made 03/20/04 18:33:30  using DSA key ID 838058F6
gpg: Can't check signature: public key not found

So the value of signing your messages doesn't really scale.
That is why S/MIME is used by most commercial MUAs. Even though you have to
pay for the certificate, you can pretty well guarantee that the public key
will be available when one needs to verify the message.

-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of Troy
Sent: March 20, 2004 8:43 PM
To: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] NEVER open attachments

On Sat, 20 Mar 2004 11:54:34 +0100, Nico Golde <nion () gmx net> wrote:

> If many people here have the same problem, I will not sign my mails in
> the future to this mailing list, in the hope that all can read my mails.
> Regards, Nico

FYI, with my mailer, your emails show up as a plain text message with an
attached signature file, so it's no problem for me if you sign them. I
usually ignore the signature but, if I need to verify a message, I can
pull the attachment out for verification.


Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
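
The "public key not found" result quoted in this thread means the signature was never checked, which is a different outcome from a bad signature. The following is an added example, not part of the original messages: it classifies the machine-readable lines GnuPG writes when run with --status-fd. The sample status lines and key IDs are constructed placeholders, and the verdict names are this example's own.

```python
# Verdicts for the keywords GnuPG emits on --status-fd after a signature check.
# The verdict strings are names chosen for this example.
CHECKED = {
    "GOODSIG": "good",
    "BADSIG": "bad",
    "EXPSIG": "good-but-expired-signature",
    "EXPKEYSIG": "good-but-expired-key",
    "REVKEYSIG": "good-but-revoked-key",
}


def classify(status_text):
    """Return (verdict, key_id) from the status lines of one signature check."""
    verdict, key_id = "no-signature-status", None
    for line in status_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] != "[GNUPG:]":
            continue  # human-readable "gpg: ..." lines are ignored
        keyword, args = fields[1], fields[2:]
        if keyword in CHECKED:
            return CHECKED[keyword], args[0]
        if keyword == "NO_PUBKEY":
            return "unverifiable-missing-key", args[0]
        if keyword == "ERRSIG":
            # ERRSIG <keyid> <pkalgo> <hashalgo> <class> <time> <rc>
            # rc 9 means the public key is missing; other codes are other errors.
            rc = args[5] if len(args) > 5 else None
            missing = rc == "9"
            verdict = "unverifiable-missing-key" if missing else "unverifiable-error"
            key_id = args[0]
    return verdict, key_id


def accept(status_text):
    """Only a checked, good signature counts; 'could not check' is not a pass."""
    return classify(status_text)[0] == "good"


# Constructed sample: what a missing key looks like on the status channel.
MISSING_KEY = """gpg: Can't check signature: public key not found
[GNUPG:] ERRSIG 0123456789ABCDEF 17 2 00 1079825610 9
[GNUPG:] NO_PUBKEY 0123456789ABCDEF
"""

if __name__ == "__main__":
    print(classify(MISSING_KEY), accept(MISSING_KEY))
```
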
