Broken PGP signature [WAS: Re: inline gpg signatures?]
- From: Albrecht Dreß <albrecht dress arcor de>
- To: Kacper Wysocki <kacperw online no>
- Cc: Balsa-Liste <balsa-list gnome org>
- Subject: Broken PGP signature [WAS: Re: inline gpg signatures?]
- Date: Mon, 8 Dec 2003 19:44:46 +0100
Am 08.12.03 16:39 schrieb(en) Kacper Wysocki:
> Sure, since the message is stored in a public archive I'm sure the
> author won't mind.
The "Content-Type:" parameter of this message does not contain the
mandatory "micalg" parameter, so balsa says it's invalid. You can compare
this with a message where the signature is detected successfully:
Quoted from RFC 3156 (http://www.ietf.org/rfc/rfc3156.txt):
: 5. OpenPGP signed data
: The "micalg" parameter for the "application/pgp-signature" protocol
: MUST contain exactly one hash-symbol of the format "pgp-<hash-
: identifier>", where <hash-identifier> identifies the Message
: Integrity Check (MIC) algorithm used to generate the signature.
: Hash-symbols are constructed from the text names registered in 
: or according to the mechanism defined in that document by converting
: the text name to lower case and prefixing it with the four
: characters "pgp-".
I guess the programmers of that MUA were confused by the fact that
although the parameter is mandatory, it's actually not used as the gpg
signature is self-contained (i.e. has the used mic alg encoded
internally). So you might want to send a bug report...
Maybe balsa could be more specific about such rfc violations, but we had a
discussion a while ago about that with the result that we should just say
that broken messages are broken... I guess popping up a dialog which says
that the micalg parameter is missing (or some other detailed description
which nobody will understand if (s)he is not a programmer) will produce
even more confision.
Albrecht Dreß - Johanna-Kirchner-Straße 13 - D-53123 Bonn (Germany)
Phone (+49) 228 6199571 - mailto:email@example.com
] [Thread Prev