> Yes, but one can also record an encrypted message and play it over and=20
> over
> again.
>
> The only way I can think of is signing/encrypting the message and=20
> including
> a message number counter on the message. The server and client both keep
> track of the message number and increment it each time. If a replayed
> message is arrived, it won't be valid because it would have an old messag=
e
> number.
>
> I assume that if the message is signed and the message number is
> manipulated by a third party, the whole message-signature complex will be
> detected as invalid by GPG verification.

Just include a date-time stamp in the message before encryption and signing=
..

-- Bob Ammerman
RAm Systems=20

--=20
http://www.piclist.com PIC/SX FAQ & list archive
View/change your membership options at
http://mailman.mit.edu/mailman/listinfo/piclist
.