[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: List postings as attachments

On Thu, 2002-08-15 at 19:49, Derrick 'dman' Hudson wrote:
> On Thu, Aug 15, 2002 at 07:27:06AM -0700, Craig Dickson wrote:
> | Hall Stevenson wrote:

> | > -- Paul Johnson's message shows up normally but has one
> | > attachment: msg.pgp
> | 
> | That's old-style signing, which fails to include attachments in the
> | signed data. I'm not sure there was ever really a proper standard that
> | covered that kind of signing.
> There wasn't, or so the introduction to RFCs 2015 and 3156 say.  Not

Yes there is. Clearsigning is standardized in rfc2440 (the openpgp
standard). But...

> only that, but automatic verification of "clearsigned" messages is
> cumbersome.  The mailer can't determine that the message was signed
> unless it looks at the data portion of it.  Even then that isn't
> necessarily reliable unless you restrict the content of people's mail.
> (kind of like OL/OE's uuencode handling)  Thus to cleanly (and
> completely) deal with messages like Paul's I have a maildrop rule that
> whacks the Content-Type: to be PGP/MIME instead.

You are right on that, it was probably not really intended to be
effectively automated.

> | > -- Adrian von Bidder's message was the "pain in the ass"
> | > kind... :-) Both the message text and a signature.asc file
> | > showed up as attachments.
> Like this one?
> (rhetorical question)
> | That's modern standards-compliant MIME-based signing, the kind everyone
> | is supposed to do.
> Yep.

Except that I'm using evolution 1.0.x which just can't get signatures
right in some cases, and can't verify signatures properly in *many*
cases (your mail was also not verified, for instance).

secure email with gpg                         http://fortytwo.ch/gpg

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: