Keith Moore | 25 Jul 05:10

draft-moore-auto-email-response-01


After over a year's delay, I've finally revised my recommendations for
automatic email responders.  I just sent them to the internet-draft
folks (in both text and PDF for the ASCII-impaired).   Or you can get
the preprint at any of:

http://www.cs.utk.edu/~moore/I-D/draft-moore-auto-email-response-01.txt
http://www.cs.utk.edu/~moore/I-D/draft-moore-auto-email-response-01.ps
http://www.cs.utk.edu/~moore/I-D/draft-moore-auto-email-response-01.pdf

I've tried to address the comments that were made when the -00 version
came out (well, those I didn't totally disagree with :), but the changes
are too numerous for me to summarize at this point.

Keith

Simon Josefsson | 31 Jul 19:42

Re: Format=Flowed/RFC 2646 Bis (-01)


Something that came up here, which could be useful to discuss in the
security consideration: OpenPGP says that trailing white space on an
article is ignored when computing the digest on a cleartext signed
message.  This means that someone can add, in transit, a format=flowed
header to a (regular, non-flowed) vanilla PGP (not PGP/MIME) signed
message and introduce arbitrary trailing SPC characters without being
detected.  This changes the rendering of the article, if the client
supports format=flowed, possibly even in a malicious way.

Consider someone sending:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

My favorite letters, ordered by priority (letters on the same line
are of the same priority):
A Q
C
L O
X
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.2-cvs (GNU/Linux)

iQC1AwUBPylPae2iHpS1ZXFvAQJExwT+JPl/+MCgjggqab0I7E3E964S6+FijyGI
NT0n9WD1hWYB9TYyQAtzDA4AIHhvcMu0QJaiPb/DNDE0RP+n/5rESU8wt+BoDo33
h1pEzvCtPL/QFW5fRBqaJO9KXsrqofMym+xoYZrtAMzttPWb8OxjpWSYfd5TnGKM
qpYGI8YKWfGonDx2ed7Aa9GbX3Tx8EOd5mGTAciJit23m6NQtG9MfQ==
=gRko
-----END PGP SIGNATURE-----
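Added example, not part of the original posts: a Python sketch of the mismatch described in the second message, where the text covered by a cleartext signature stays the same while a format=flowed renderer joins lines that end in a space. The function names are hypothetical, the digest is a simplified stand-in for the real OpenPGP signature hash, the flowed rendering ignores quoting and space-stuffing, and the modified body is constructed from the letter lines in the sample message.

```python
import hashlib


def canonical_lines(text):
    """Lines as a cleartext signature sees them: trailing SPC/TAB ignored."""
    return [line.rstrip(" \t") for line in text.split("\n")]


def signed_digest(text):
    """Simplified stand-in for the signature hash (assumption: the real
    OpenPGP hash also covers a signature trailer, omitted here)."""
    canonical = "\r\n".join(canonical_lines(text))
    return hashlib.sha1(canonical.encode("ascii")).hexdigest()


def render_flowed(text):
    """Minimal format=flowed rendering: a line ending in a space is a soft
    break and is joined to the next line. Quoting and space-stuffing are
    not handled; the '-- ' signature separator is never treated as soft."""
    paragraphs, current = [], ""
    for line in text.split("\n"):
        if line.endswith(" ") and line != "-- ":
            current += line          # soft break: keep accumulating
        else:
            paragraphs.append(current + line)
            current = ""
    if current:
        paragraphs.append(current)
    return paragraphs


def flowed_alters_signed_text(text):
    """True when a flowed-aware client would display different lines from
    the ones the signature actually covers."""
    shown = [p.rstrip(" \t") for p in render_flowed(text)]
    return shown != canonical_lines(text)


# Letter lines from the sample message, and a constructed copy with
# trailing spaces appended to two lines.
ORIGINAL = "A Q\nC\nL O\nX"
MODIFIED = "A Q \nC\nL O \nX"

if __name__ == "__main__":
    print(signed_digest(ORIGINAL) == signed_digest(MODIFIED))
    print(render_flowed(ORIGINAL))
    print(render_flowed(MODIFIED))
    print(flowed_alters_signed_text(MODIFIED))
```

A verifying client can run a check like `flowed_alters_signed_text` on the signed body whenever the enclosing message is labelled format=flowed, and fall back to fixed-line display or warn when it returns true.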