[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: List postings as attachments

On Thu, Aug 15, 2002 at 07:27:06AM -0700, Craig Dickson wrote:
| Hall Stevenson wrote:
| > For what it's worth (and I use OE to read this list at work),
| > the original message from David De Graff showed up with no
| > attachments. Shouldn't be a surprise though as it was sent
| > with OE, read by OE, and no PGP used.
| Right. If you don't PGP-sign your messages, don't send HTML mail, and
| make sure OE wraps lines, then OE's outgoing messages are okay.
| > -- Paul Johnson's message shows up normally but has one
| > attachment: msg.pgp
| That's old-style signing, which fails to include attachments in the
| signed data. I'm not sure there was ever really a proper standard that
| covered that kind of signing.

There wasn't, or so the introduction to RFCs 2015 and 3156 say.  Not
only that, but automatic verification of "clearsigned" messages is
cumbersome.  The mailer can't determine that the message was signed
unless it looks at the data portion of it.  Even then that isn't
necessarily reliable unless you restrict the content of people's mail.
(kind of like OL/OE's uuencode handling)  Thus to cleanly (and
completely) deal with messages like Paul's I have a maildrop rule that
whacks the Content-Type: to be PGP/MIME instead.

| > -- Adrian von Bidder's message was the "pain in the ass"
| > kind... :-) Both the message text and a signature.asc file
| > showed up as attachments.

Like this one?
(rhetorical question)

| That's modern standards-compliant MIME-based signing, the kind everyone
| is supposed to do.


| > So, would everyone please re-configure their setup to function
| > like Paul Johnson's does ?? :-)
| No. My setup is standards-compliant, and you're asking me to break it.


| > Paul, care to share your setup
| > for others to see ??

He set $pgp_clearsign_command to the necessary gpg invocation in his
.muttrc.  I've never tried that myself since mutt (and every other
mailer except MS's) are very compliant and interoperable.

| > Of course, I don't expect anyone to
| > change their "my setup ain't broken, yours is" mail program
| > for us lowly M$ Outlook and Outlook Express users...
| But your setup _is_ broken.

Indeed.  Do notice the "disposition=inline" part of the MIME headers
mutt generates.  That flag tells the mailer to display the contents of
that MIME part in-line with the "normal" (non-MIME) data.  By setting
that flag, the message will be displayed as usual in non-PGP mailers.
However MS decided it isn't going to play with the rest of the world.


(A)bort, (R)etry, (T)ake down entire network?

Attachment: pgp7fKva_SyWT.pgp
Description: PGP signature

Reply to: