Subject: Re: NetBSD Security Advisory 2002-009: Multiple vulnerabilities in OpenSSL code
To: David Maxwell , Ignatios Souvatzis <firstname.lastname@example.org>
From: Ignatios Souvatzis <email@example.com>
Date: 08/07/2002 21:12:54
On Wed, Aug 07, 2002 at 11:06:46AM -0400, David Maxwell wrote:
> I would rather not have the MUA doing the signing, for a couple reasons:
> Consistency - If different S-Os use different MUAs, or an S-O changes
> MUA over time, the SAs shouldn't be text one time, MIME the next, etc.
> Key location - I do not keep the S-O PGP key on the machine that I send
> mail from. I sign the advisories and copy them to the machine from which
> they are mailed.
You don't need to use the MUA. Just create a detached signature, and use
something that mangles the detached signature and the advisory into a
But I guess this isn't a ready to use application yet.
seal your e-mail: http://www.gnupg.org/