[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] Signed e-mail vs. turning off HTML mail under XP
- To: Michael Sierchio <kudzu@tenebras.com>, full-disclosure@lists.netsys.com
- Subject: Re: [Full-Disclosure] Signed e-mail vs. turning off HTML mail under XP
- From: yossarian <yossarian@planet.nl>
- Date: Sat, 11 Oct 2003 15:14:11 +0200
Like I said, Outlook Express (even in the header) not Mozilla. And the
problem is not with signature verification FWIW, but access to the message
itself. I am not claiming the cert stuff doesn't work, just pointing at a
downside in turning of HTML mail. So that is the case, i am sorry you did
not understand that I was not referring to the software you are using.
----- Original Message -----
From: "Michael Sierchio" <kudzu@tenebras.com>
To: <full-disclosure@lists.netsys.com>
Sent: Saturday, October 11, 2003 2:48 AM
Subject: Re: [Full-Disclosure] Signed e-mail vs. turning off HTML mail under
XP
> yossarian wrote:
>
> > The problem is that by turning off HTML for e-mail as a security
measure,
> > you disable the correct use of digitally signed e-mail, which by design
is a
> > security measure.
>
> Not the case, AFAIK -- S/MIME doesn't depend on how you view the
> document. At least w/Mozilla (currently in use here) S/MIME
> signatures are verified even though the HTML is not rendered.
>
>
> --
>
> "Well," Brahma said, "even after ten thousand explanations, a fool is no
> wiser, but an intelligent man requires only two thousand five hundred."
> - The Mahabharata
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html