| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: yossarian at planet.nl (yossarian) Subject: Signed e-mail vs. turning off HTML mail under XP Like I said, Outlook Express (even in the header) not Mozilla. And the problem is not with signature verification FWIW, but access to the message itself. I am not claiming the cert stuff doesn't work, just pointing at a downside in turning of HTML mail. So that is the case, i am sorry you did not understand that I was not referring to the software you are using. ----- Original Message ----- From: "Michael Sierchio" <kudzu@...ebras.com> To: <full-disclosure@...ts.netsys.com> Sent: Saturday, October 11, 2003 2:48 AM Subject: Re: [Full-Disclosure] Signed e-mail vs. turning off HTML mail under XP > yossarian wrote: > > > The problem is that by turning off HTML for e-mail as a security measure, > > you disable the correct use of digitally signed e-mail, which by design is a > > security measure. > > Not the case, AFAIK -- S/MIME doesn't depend on how you view the > document. At least w/Mozilla (currently in use here) S/MIME > signatures are verified even though the HTML is not rendered. > > > -- > > "Well," Brahma said, "even after ten thousand explanations, a fool is no > wiser, but an intelligent man requires only two thousand five hundred." > - The Mahabharata > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists