Bad signatures, pgp and MIME

To: Debian Development <debian-devel@lists.debian.org>
Subject: Bad signatures, pgp and MIME
From: Martin Schulze <joey@carelia.infodrom.north.de>
Date: Fri, 10 Sep 1999 01:20:36 +0200
Message-id: <[🔎] 19990910012036.G219@carelia.infodrom.north.de>
Reply-to: Martin Schulze <joey@infodrom.north.de>

Howdy,

recent messages sent to debian-security-announce have shown that
there is some discrepancy in understanding how PGP/MIME works and
how people would think that it works.

The basic problem is that you can't split a pgp/mime signed message
into parts and then verify it.  If you use Mutt for pgp-signing,
then splitting the message with mutt or munpack you cannot verify
the parts.

One reason given for this was that the Content-type header needs
to be part of the splitted message.

People were asking for the relevant document describing this
MIME/PGP standard.

At least Mutt and premail are understanding this type of signature.

Regarding security advisories, we will skip this kind of signing,
although this has a different reason.  Signing the file before
sending it will enable you to fetch the advisory form the web
and verify the signature.

Regards,

	Joey

-- 
Beware of bugs in the above code; I have only proved it correct,
not tried it.  -- Donald E. Knuth

Please always Cc to me when replying to me on the lists.

Reply to:

Prev by Date: Re: Compiling the kernel with the new gcc - help
Next by Date: xemacs21-nomule broken ?
Previous by thread: Re: boot-floppies [Release-critical Bugreport for September 10, 1999]
Next by thread: xemacs21-nomule broken ?
Index(es):
- Date
- Thread