gabriel rosenkoetter on Thu, 25 Apr 2002 02:02:48 -0400



Re: [PLUG] Re: Mutt & Pine & GnuPG & Mental Health


On Thu, Apr 25, 2002 at 12:17:28AM -0400, Michael F. Robbins wrote:
> I've had many signatures listed as invalid.  Sometimes, if I restart
> evolution and go back to the message, it'll come back as valid.  But
> I've never seen a case in which a message with a known-invalid signature
> was interpreted as valid.  Can someone send a message to me with a *bad*
> signature?  I'd be interested to see how little I should trust this
> thing.

Um.

Is it even possible to purposely *create* a bad signature?

Oh, yeah, I guess so, modify the text of a clear-signed message.
Hey, I bet that's what Darxus did in that message where he was
talking about modification when I was looking for a message of his
to test that had an invalid signature. Ahem.

Anyhow, just because it catches one doesn't mean it will catch every
one. Tracking a bug you're not sure about down that way is *hard*.
Code inspection would be much easier.

-- 
gabriel rosenkoetter
gr@eclipsed.net

Attachment: pgpVfr9M89iPk.pgp
Description: PGP signature
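
Added example, not part of the original post: a sketch of which edits to a clear-signed message actually yield a bad signature when building a test message for a mail client. It assumes the cleartext canonicalisation of RFC 4880 section 7.1; the function names and the sample message are constructed for illustration, and it compares the signed bytes rather than verifying a signature.

```python
# Constructed sample: the armor body is a placeholder, not a real signature.
SAMPLE = (
    "-----BEGIN PGP SIGNED MESSAGE-----\n"
    "Hash: SHA1\n"
    "\n"
    "Meet at noon.\n"
    "- -- \n"
    "test user\n"
    "-----BEGIN PGP SIGNATURE-----\n"
    "\n"
    "(placeholder)\n"
    "-----END PGP SIGNATURE-----\n"
)


def signed_text(clearsigned: str) -> bytes:
    """Return the bytes a cleartext signature covers (RFC 4880, section 7.1)."""
    lines = clearsigned.replace("\r\n", "\n").split("\n")
    start = lines.index("-----BEGIN PGP SIGNED MESSAGE-----")
    # Armor headers ("Hash: ...") end at the first empty line.
    body_start = lines.index("", start) + 1
    body_end = lines.index("-----BEGIN PGP SIGNATURE-----", body_start)
    out = []
    for line in lines[body_start:body_end]:
        if line.startswith("- "):       # undo dash-escaping
            line = line[2:]
        out.append(line.rstrip(" \t"))  # trailing whitespace is not signed
    # Line endings are canonicalised to CRLF; the final one is not signed.
    return "\r\n".join(out).encode("utf-8")


def invalidates(original: str, edited: str) -> bool:
    """True if the edit changes the signed bytes, so verification must fail."""
    return signed_text(original) != signed_text(edited)


# Constructed edits: the first two leave the signature valid, the last two do not.
EDITS = {
    "trailing spaces": SAMPLE.replace("Meet at noon.\n", "Meet at noon.   \n"),
    "CRLF line endings": SAMPLE.replace("\n", "\r\n"),
    "changed word": SAMPLE.replace("noon", "nine"),
    "inner whitespace": SAMPLE.replace("Meet at", "Meet  at"),
}

if __name__ == "__main__":
    for name, edited in EDITS.items():
        print(f"{name}: {'bad signature' if invalidates(SAMPLE, edited) else 'still valid'}")
```

A test message meant to exercise a client's bad-signature handling should use an edit from the second group; trailing-whitespace or line-ending changes will still verify.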