On Wed, 3 Dec 2003 13:26:02 +0100, Matthias Urlichs said: > I'm also a bit concerned about MitM attacks; the hash-or-whatever which
Obviously you can do this only using a secure channel. > the local side is supposed to sign should probably be encrypted with the > signer's public key, otherwise I can just replace the data packet with > something that ends up signing a totally different file. :-/ And if I do that, I could also sign the file right at the remote machine because the (or some) signature key must be available over there ;-) Werner
