Re: [Evolution] pgp multipart mime-type



RFC2015 specifies that pgp signed and encrypted messages be sent using
the multipart/signed and multipart/encrypted content types respectively.

Evolution was written to conform to the standards. Embedding pgp
modified data in a text/plain part is both wrong and also introduces the
possibility of exploiting the mailer.

Take this for example:

Say I pgp encrypt a binary file and paste that into a text/plain message
that I then send to you. Your mailer sees that this part contains pgp
encrypted data, decides to decrypt it and display it as if it were text.
What happens? Your mailer crashes.

Jeff

On 16 Aug 2001 23:14:07 +1000, Simon wrote:
i've noticed that whenever i use evolution's gpg support to encrypt and
sign an email, it uses this in the header:
e.g. 

Content-Type: multipart/signed; micalg=pgp-sha1;
        protocol="application/pgp-signature";
        boundary="=-39vHAmxiy27QWj7fd8xJ"

i think this is the reason why some of my friends are getting my
encrypted emails as attachments instead of embedded in the email like it
should be.

could it please be considered that encrypting emails using pgp should
use the text/plain mime-type (if any), and the message should be in the
body of the email.


thank you :)

Simon Hill
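
The distinction discussed in this thread, as an added example that is not part of the original messages and is not Evolution's code: a receiving mailer can decide whether to invoke PGP handling from the declared RFC 2015 MIME structure and merely flag armor pasted into text/plain. The function name `classify_pgp` and both sample messages are hypothetical and constructed for illustration.

```python
import email
from email import policy

# Armor headers that mark PGP data pasted into a plain-text body.
ARMOR = ("-----BEGIN PGP MESSAGE-----", "-----BEGIN PGP SIGNED MESSAGE-----")

def classify_pgp(raw):
    """Hypothetical helper: 'pgp-mime-signed', 'pgp-mime-encrypted', 'inline-pgp' or 'none'."""
    msg = email.message_from_string(raw, policy=policy.default)
    ctype = msg.get_content_type()
    protocol = (msg.get_param("protocol") or "").lower()
    if msg.is_multipart():
        kinds = [p.get_content_type() for p in msg.iter_parts()]
        # RFC 2015 signed: exactly two parts, the second is the signature.
        if (ctype == "multipart/signed" and protocol == "application/pgp-signature"
                and len(kinds) == 2 and kinds[1] == "application/pgp-signature"):
            return "pgp-mime-signed"
        # RFC 2015 encrypted: a control part, then the encrypted octet-stream.
        if (ctype == "multipart/encrypted" and protocol == "application/pgp-encrypted"
                and kinds == ["application/pgp-encrypted", "application/octet-stream"]):
            return "pgp-mime-encrypted"
    # No declared PGP structure: report armor found in text/plain parts only.
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            if any(marker in part.get_content() for marker in ARMOR):
                return "inline-pgp"
    return "none"

# Constructed sample messages (placeholders, not real signatures or ciphertext).
SIGNED = (
    'Content-Type: multipart/signed; micalg=pgp-sha1;\n'
    ' protocol="application/pgp-signature"; boundary="b1"\n\n'
    '--b1\nContent-Type: text/plain\n\nhello\n'
    '--b1\nContent-Type: application/pgp-signature\n\n'
    '(constructed placeholder, not a real signature)\n--b1--\n'
)
INLINE = (
    'Content-Type: text/plain\n\n'
    '-----BEGIN PGP MESSAGE-----\n\n'
    '(constructed placeholder, not real ciphertext)\n'
    '-----END PGP MESSAGE-----\n'
)

if __name__ == "__main__":
    for name, raw in (("signed", SIGNED), ("inline", INLINE)):
        print(name, "->", classify_pgp(raw))
```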





