lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <200403191942.i2JJgwWx012005@turing-police.cc.vt.edu>
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks@...edu)
Subject: Re: NEVER open attachments

On Fri, 19 Mar 2004 14:27:53 EST, you said:

> Valdis.Kletnieks@...edu <Valdis.Kletnieks@...edu>, Nico Golde, Frank Knobbe,
> et al have wonderful things to say and contribute great things to this list,
> but i have never read anything they post because they post as attachments.

PGP signed messages are not executable attachments.

See the following RFCs:

1847 Security Multiparts for MIME: Multipart/Signed and
     Multipart/Encrypted. J. Galvin, S. Murphy, S. Crocker, N. Freed.
     October 1995. (Format: TXT=23679 bytes) (Status: PROPOSED STANDARD)
2015 MIME Security with Pretty Good Privacy (PGP). M. Elkins. October
     1996. (Format: TXT=14223 bytes) (Updated by RFC3156) (Status:
     PROPOSED STANDARD)
2440 OpenPGP Message Format. J. Callas, L. Donnerhacke, H. Finney, R.
     Thayer. November 1998. (Format: TXT=141371 bytes) (Status: PROPOSED
     STANDARD)
3156 MIME Security with OpenPGP. M. Elkins, D. Del Torto, R. Levien,
     T. Roessler. August 2001. (Format: TXT=26809 bytes) (Updates RFC2015)
     (Status: PROPOSED STANDARD)

http://www.ietf.org/rfc/rfc1847.txt
http://www.ietf.org/rfc/rfc2015.txt
http://www.ietf.org/rfc/rfc2440.txt
http://www.ietf.org/rfc/rfc3156.txt

If anything, you should *encourage* the use of PGP or S/MIME to sign mail,
because even if my machine gets whacked by a virus and starts spewing correctly
signed mail, you will *know* it's my machine doing it and not some
address-scraping virus on a machine in Zanzibar or someplace.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040319/b80bb38b/attachment.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ