Re: mutt/gpg social attack

To: Mutt Developers <mutt-dev@xxxxxxxx>
Subject: Re: mutt/gpg social attack
From: Bob Bell <bbell@xxxxxxxxxxxxxxxxxxxxx>
Date: Mon, 23 Aug 2004 09:20:35 -0400
In-reply-to: <20040823074602.GE25753@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
List-unsubscribe: <mailto:mutt-dev-request@mutt.org?body=unsubscribe>
Mail-followup-to: Mutt Developers <mutt-dev@xxxxxxxx>
References: <20040823074602.GE25753@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Sender: owner-mutt-dev@xxxxxxxx
User-agent: Mutt/1.5.6i

On Mon, Aug 23, 2004 at 09:46:02AM +0200, Thomas Glanzmann 
<sithglan@xxxxxxxxxxxxxxxxxxxx> wrote:

http://www.securityfocus.com/bid/10929


Hmm, an interesting thought is here:
http://marc.theaimsgroup.com/?l=mutt-dev&m=100402857100619&w=2

Quote (from Mike Schiraldi <raldi@xxxxxxxxxxxxxxxxxxx>):
Ultimately, i think the best solution is to add a command like the
following to define whom you expect to sign their messages:

signers-include bob@xxxxxxxxx
signers-include .*@verisign.com
signers-exclude ralph@xxxxxxxxxxxx

And then if mutt sees a message that should be signed but isn't, it can set
off warnings, possibly even prompting the user before displaying the
message.

--
Bob Bell <bbell@xxxxxxxxxxxxxxxxxxxxx>

Follow-Ups:
- Re: mutt/gpg social attack
  - From: Dave Ewart

References:
- mutt/gpg social attack
  - From: Thomas Glanzmann

Prev by Date: [PATCH] Compose menu shows PGP info for S/MIME messages
Next by Date: Re: mutt/gpg social attack
Previous by thread: Re: mutt/gpg social attack
Next by thread: Re: mutt/gpg social attack
Index(es):
- Date
- Thread