On 16 Aug 2001 13:32:48 -0400, Jeffrey Stedfast wrote:
RFC2015 specifies that pgp signed and encrypted messages be sent using the multipart/signed and multipart/encrypted content types respectively. Evolution was written to conform to the standards. Embedding pgp modified data in a text/plain part is both wrong and also introduces the possibility of exploiting the mailer. Take this for example: Say I pgp encrypt a binary file and paste that into a text/plain message that I then send to you. Your mailer sees that this part contains pgp encrypted data, decides to decrypt it and display it as if it were text. What happens? Your mailer crashes.
Why not make "ascii-armored pgp output" embedding in the body of the email an option, as well as multipart being optional?
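Added example, not part of the original messages or of Evolution's code: a Python sketch of the distinction discussed above. It tells an RFC 2015 multipart/encrypted or multipart/signed structure apart from ASCII-armored PGP pasted into a text/plain part, and treats decrypted bytes as untyped data instead of assuming they are text. The sample message, the function names and the control-character rule are constructed assumptions; decryption itself is left out.

```python
from email import message_from_string

# Constructed sample message (the armor body is a placeholder, not real PGP data).
PGP_MIME = """\
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1

--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----
(constructed placeholder)
-----END PGP MESSAGE-----
--b1--
"""

def classify(msg):
    """Return 'pgp-mime-encrypted', 'pgp-mime-signed', 'inline-pgp' or 'none'."""
    proto = (msg.get_param("protocol") or "").lower()
    if msg.is_multipart():
        kinds = [p.get_content_type() for p in msg.get_payload()]
        if (msg.get_content_type() == "multipart/encrypted"
                and proto == "application/pgp-encrypted"
                and kinds == ["application/pgp-encrypted", "application/octet-stream"]):
            return "pgp-mime-encrypted"
        if (msg.get_content_type() == "multipart/signed"
                and proto == "application/pgp-signature"
                and len(kinds) == 2 and kinds[1] == "application/pgp-signature"):
            return "pgp-mime-signed"
    for part in msg.walk():  # armor found only by scanning text: the inline case
        if part.get_content_type() == "text/plain":
            if b"-----BEGIN PGP " in (part.get_payload(decode=True) or b""):
                return "inline-pgp"
    return "none"

def render_decrypted(data: bytes):
    """Present already-decrypted bytes; never assume they are text."""
    try:
        text = data.decode("utf-8")
    except UnicodeDecodeError:
        return ("attachment", None)
    if any(ord(c) < 32 and c not in "\t\r\n" for c in text):
        return ("attachment", None)
    return ("text", text)
```

With PGP/MIME the sender's headers declare what the payload is; with inline armor the mailer has to guess from the body, which is why the second function is needed before anything decrypted reaches a text widget.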