Hi
On Sun, 01 Apr 2007 13:04:12 -0500
Manoj Srivastava <srivasta@debian.org> wrote:
> This is the most creative and weird action I have seen in the
> last few elections.
>
> You send an encrypted mail, which was not itself signed. This
> caused the vote to be rejected. Now, the body of the mail, once you
> decrypted it, did contain a signed vote -- but this is too late,
> since the outer mail was not signed, nothing processed the decrypted
> body.
>
> And no, you do not need to send in inline PGP when encrypting
> ballots; you can send a signed *AND* encrypted RFC 3156 mail
> message.
Maybe I read RFC 3156 wrong, but I think it says exactly what I sent:
6.1. RFC 1847 Encapsulation
In [2], it is stated that the data is first signed as a
multipart/signature body, and then encrypted to form the final
multipart/encrypted body. This is most useful for standard MIME-
compliant message forwarding.
--
Michal Čihař | http://cihar.com | http://blog.cihar.com
Attachment:
signature.asc
Description: PGP signature