On Thu, 2002-08-15 at 19:49, Derrick 'dman' Hudson wrote: > On Thu, Aug 15, 2002 at 07:27:06AM -0700, Craig Dickson wrote: > | Hall Stevenson wrote: > | > -- Paul Johnson's message shows up normally but has one > | > attachment: msg.pgp > | > | That's old-style signing, which fails to include attachments in the > | signed data. I'm not sure there was ever really a proper standard that > | covered that kind of signing. > > There wasn't, or so the introduction to RFCs 2015 and 3156 say. Not Yes there is. Clearsigning is standardized in rfc2440 (the openpgp standard). But... > only that, but automatic verification of "clearsigned" messages is > cumbersome. The mailer can't determine that the message was signed > unless it looks at the data portion of it. Even then that isn't > necessarily reliable unless you restrict the content of people's mail. > (kind of like OL/OE's uuencode handling) Thus to cleanly (and > completely) deal with messages like Paul's I have a maildrop rule that > whacks the Content-Type: to be PGP/MIME instead. You are right on that, it was probably not really intended to be effectively automated. > > | > -- Adrian von Bidder's message was the "pain in the ass" > | > kind... :-) Both the message text and a signature.asc file > | > showed up as attachments. > > Like this one? > (rhetorical question) > > | That's modern standards-compliant MIME-based signing, the kind everyone > | is supposed to do. > > Yep. <rant> Except that I'm using evolution 1.0.x which just can't get signatures right in some cases, and can't verify signatures properly in *many* cases (your mail was also not verified, for instance). </rant> -- secure email with gpg http://fortytwo.ch/gpg
Attachment:
signature.asc
Description: This is a digitally signed message part