On Fri, 10 Oct 1997 10:15:18 +0200 (CEST), Roman Czyborra
<czyborra(_at_)cs(_dot_)tu-berlin(_dot_)de> posted to comp.security.pgp.tech:
# 1. check signed exec command with pgp and strip
# signature to prevent replay attacks
:B fbw
^^-----BEGIN PGP SIGNED MESSAGE-----$$exec
| pgp +batchmode -f +pubring=$HOME/.pgp/authorized.pgp
I'm basically frightfully ignorant of how to use PGP right, but I fail
to see how this prevents replays. But once the signature check is
passed, you could of course include some sort of unique key (like the
Message-Id of the generating message, or a timestamp and fail if it's
older than, say, an hour) in the message itself. Of course, perhaps
I'm missing something -- my copy of PGP here doesn't even have the
+batchmode switch, does it do something I don't know about?
:A fhw # 3. generate return header
| formail -r
Perhaps you should consider formail -rt instead? Of course, if you
send the command from a foreign account, you hopefully will remember
to set Reply-To to whatever you want anyway, but it doesn't cost more
to do it right (and for once, you would certainly agree that, in the
words of the formail manual, you "trust" the sender :-)
/* era */
--
Paparazzi of the Net: No matter what you do to protect your privacy,
they'll hunt you down and spam you. <http://www.iki.fi/~era/spam/>