-----BEGIN PGP SIGNED MESSAGE-----
In article <Pine.ULT.3.91.960110182255.18692H-100000@xdm011>, Jeffrey Goldberg <cc047@Cranfield.ac.uk> says:
But then the recipient has a PGP-signed message from you which isn't encrypted (using pgp -d). That person could then impersonate you. Eg Alice the jilted lover could resend the goodbye message with forged headers to Bob's new girlfriend to get back at him.
Ah ha! Now I understand what this argument has been all about. This is not a flaw with PGP, but with the software doing the signing. It should/could add a line with a time and date stamp inside the signature envelope, or Bob could add more information, making the message more specific. I don't think PGP needs to be 'fixed', but the signing software does. Brian -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQB1AwUBMP0gGHIWObr6ZnuNAQFqpQMAhEDxcClXzwqS5QLSYgbGC0SdPwOSppgG cbEcHEamA+C/fzlCRl1FoCkvA/SPHoZB29FNJSH8hnP6s5OZQfFf3LZXPL+/UFiL 64i7dlt6Ajtg58eDiMj/+qPsHd8hbAuV =jj8n -----END PGP SIGNATURE----- --- <blane@eskimo.com> -------------------- <http://www.eskimo.com/~blane> --- Embedded System Programmer, EET Student, Interactive Fiction author (RSN!) ============== 11 99 3D DB 63 4D 0B 22 15 DC 5A 12 71 DE EE 36 ============