[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Yet another way to mangle OpenPGP data

To: ietf-openpgp@xxxxxxx
Subject: Yet another way to mangle OpenPGP data
From: David Shaw <dshaw@xxxxxxxxxxxxxxx>
Date: Wed, 9 Jun 2004 11:04:47 -0400
List-archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-id: <ietf-openpgp.imc.org>
List-unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
Mail-followup-to: ietf-openpgp@xxxxxxx
Sender: owner-ietf-openpgp@xxxxxxxxxxxx
User-agent: Mutt/1.5.6i

Just when you thought it was safe to use ASCII armor to protect
messages.  I don't think we need to worry about this in 2440bis, but
it's amusing in a "oh, fer cryin out loud" sort of way.

Seen on alt.security.pgp:

-- forwarded message --

From: "joe" <not@xxxxxxxx>
Newsgroups: alt.security.pgp
References: <1086710031.211.0@xxxxxxxxxxxxxxxxx>
Subject: Re: corrupt data in pgp 
Date: Tue, 8 Jun 2004 23:46:53 +0100
Lines: 44

It seems like within the block of pgp encrypted text, if the line
starts with the characters '//' MS OutlookExpress will automatically
add the 'file:' before it making it file:// I guess the same thing
will happen when it starts with xyz@xxxxxxxxxxx etc. it just assumes
it's an address location when it encounters the '@' symbol followed by
the fullstop '.' & thinks it's a email address or URL etc.

I removed the 'file:' from my block of encrypted data & it decrypted
perfectly.

joe.

-- end of forwarded message --

Prev by Date: Re: [ISSUE] UTF8 literal packets proposal
Next by Date: Re: IETF document publication process tweaks.
Previous by thread: Bis11 sent out
Next by thread: Re: IETF document publication process tweaks.
Index(es):
- Date
- Thread