On Fri, 2012-10-12 at 13:10 +0200, David Kalnischkies wrote: > Oh, and there is "Description-md5". I can't imagine a scenario in which it > would be useful to change the English description of a package for an attack > (which you want to hide by displaying the translations of the not modified > version) I cannot think of any either, well at lest not of anything, for which a plain collision would be enough,... But it's a general security paradigm, that one shouldn't just focus on the attack vectors one can think of... but rather trying to secure "everything" ;) Cheers, Chris.
Attachment:
smime.p7s
Description: S/MIME cryptographic signature