GnuPG signed message spoofing vulnerability
Posted Mar 8, 2007 9:57 UTC (Thu) by evgeny
Parent article: GnuPG signed message spoofing vulnerability
If GPG were written in a good style (here meaning separating the application and the core C API, with the latter being installed alongside the exec), most of clients would use that API directly, with such kinds of spoofing impossible. And the wrappers like GPGME (which internally calls the gpg executable) wouldn't be needed.
to post comments)