gnu-arch-users

Re: [Gnu-arch-users] (fairly minor) SECURITY ISSUE


From: Rob Kaper
Subject: Re: [Gnu-arch-users] (fairly minor) SECURITY ISSUE
Date: Thu, 22 Jan 2004 14:30:31 +0100
User-agent: Mutt/1.2.5.1i

On Wed, Jan 21, 2004 at 05:51:50PM -0800, Tom Lord wrote:
>     > Sure, you can add checks to make sure that there is no data before or
>     > after the GPG signed data, but wouldn't it be a lot simpler, and more
>     > flexible just to use detached signatures?
> 
> Simpler?  Hmmm.
> 
> No, it seems like a workaround for a fundamentally critical feature
> missing from gpg (and one that would be simple to add, I hope).

GPG clearly labels what part of a file is signed. If you fetch the md5sum
summary from outside the boundaries GPG gives you, GPG can't help you.

With detached signatures you could avoid all this, because the original file
is untouched - you would just sign the .gz and wouldn't even have to make
md5sums anymore.

Clearsigned signatures are AS MUCH a workaround for the lack of support for
decent meta file info on most filesystems as detached ones are. But since
detached signatures would prevent the need for implementation-specific
scanning within files, it clearly seems like the best option.

Regards,

Rob
-- 
Rob Kaper     | "They that can give up essential liberty to obtain a little
address@hidden | temporary safety deserve neither liberty nor safety."
www.capsi.com | - Benjamin Franklin, Historical Review of Pennsylvania, 1759
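The boundary problem discussed in this message, as an added example that is not part of the original post or of GNU arch: a framing check that takes md5sum lines only from inside the clearsigned region and reports checksum-looking lines outside it. It assumes one clearsigned block per file and md5sum-style lines; the function names, file name, digests and signature body are constructed placeholders, and the signature itself is not verified here.

```python
import re

BEGIN_MSG = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"
END_SIG = "-----END PGP SIGNATURE-----"
MD5_LINE = re.compile(r"^([0-9a-f]{32})\s+(\S+)$")

def split_clearsigned(text):
    """Return (signed_lines, outside_lines) for a file holding one clearsigned block.

    Framing only: this does not verify the signature; it shows which lines
    a valid signature could cover at all.
    """
    lines = text.splitlines()
    if any(lines.count(m) != 1 for m in (BEGIN_MSG, BEGIN_SIG, END_SIG)):
        raise ValueError("expected exactly one clearsigned block")
    start, sig, end = (lines.index(m) for m in (BEGIN_MSG, BEGIN_SIG, END_SIG))
    if not start < sig < end:
        raise ValueError("malformed clearsign framing")
    body = lines.index("", start) + 1   # armor headers end at the first empty line
    if body > sig:
        raise ValueError("missing blank line after armor headers")
    # Signed lines starting with "-" are stored dash-escaped as "- -..."; undo that.
    signed = [l[2:] if l.startswith("- ") else l for l in lines[body:sig]]
    outside = [l for l in lines[:start] + lines[end + 1:] if l.strip()]
    return signed, outside

def signed_checksums(text):
    """Map file name -> md5 taken only from inside the signed region.

    Also returns checksum-looking lines found outside it, so a caller can reject the file.
    """
    signed, outside = split_clearsigned(text)
    trusted = {m.group(2): m.group(1) for m in map(MD5_LINE.match, signed) if m}
    stray = [l for l in outside if MD5_LINE.match(l)]
    return trusted, stray

# Constructed sample: digests, file name and signature body are placeholders.
SAMPLE = "\n".join([
    "f" * 32 + "  patch.tar.gz",          # sits before the signed block
    BEGIN_MSG, "Hash: SHA1", "",
    "0" * 32 + "  patch.tar.gz",          # the only line the signature covers
    BEGIN_SIG, "", "constructed-placeholder-not-a-real-signature", END_SIG,
])

if __name__ == "__main__":
    print(signed_checksums(SAMPLE))
```

With a detached signature none of this scanning is needed, because the signature covers the whole file.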
