Hi,
Werner Koch:
> On Wed, 3 Dec 2003 13:26:02 +0100, Matthias Urlichs said:
> > the local side is supposed to sign should probably be encrypted with the
> > signer's public key, otherwise I can just replace the data packet with
> > something that ends up signing a totally different file. :-/
>
> And if I do that, I could also sign the file right at the remote
> machine because the (or some) signature key must be available over
> there ;-)
>
Ouch. You're obviously right. :-/
--
Matthias Urlichs | {M:U} IT Design @ m-u-it.de | [EMAIL PROTECTED]
Disclaimer: The quote was selected randomly. Really. | http://smurf.noris.de
- -
The day advanced as if to light some work of mine; it was morning,
and lo! now it is evening, and nothing memorable is accomplished.
-- H.D. Thoreau
