In http://netscape.com.com/2100-1105-949506.html?type=pt there is a vague
mention of a problem:
Schneier released information Monday about a separate flaw in the PGP
(Pretty Good Privacy) program that is freely available and used to encrypt
messages sent over the Internet.
Schneier and Jonathan Katz of the University of Maryland at College Park
found a way an attacker could intercept a PGP encrypted message, modify it
without decrypting it, dupe the user into sending it back, and retrieve
the original message
Does anybody know more about this? Can a minor improvement to the new
-bis draft fix it?
--John