Re: [Evolution] GPG signatures



On Thu, 2002-01-24 at 17:53, John Gateley wrote:
> I have a GPG signature that works in mutt
> but not in Evolution, and it is NOT an
> inline signature: it comes in two MIME
> parts, one for the body and one for the
> signature, just like Evolution does. Are
> there any known bugs with Evolution that
> would cause this?

Unfortunately the PGP/MIME specification says that the mime content and
headers must be treated as opaque. This means that you must feed the raw
message parts to the pgp program.

The way Evolution works is that it decodes messages into a MIME
structure for easier display/etc. When we go to verify the message, we
do CamelMimePart::write_to_stream() and it takes the Mime part's
structure and writes it to the stream. The problem comes in because
write_to_stream() is not guaranteed to write the MIME part out exactly
byte-for-byte the way it was in the original message (it's usually very
close - the problem is usually the QP encoding of the content, some
clients wrap lines at fewer chars-per-line than our encoder does).

IMHO, the PGP/MIME specification needs to be changed so that
applications don't need to treat the content and headers as opaque. IMHO
this is a flaw in the specification. It is known that there exist MTAs
and MUAs alike (ie, not just Evolution) that parse the mime structure
and rewrite it and thus cannot ensure that the result is exactly the
same as the input. The raw content will be the same, but god knows about
the encoded content.

I think that if the PGP/MIME spec isn't going to change, that it should
at LEAST enforce base64 encoding (every base64 encoding implementation
should produce exactly the same output because the base64 rules are
pretty strict, but the QP rules are not - there are a ton of ways to QP
encode the same data and each of them can have a different result).

If this really bothers you, feel free to take a stab at it. I'd be
willing to help and provide advice/etc but I can't do it alone, it's
just too much work.


> I also got mail from CERT today, and that
> signature fails because it is an inline
> signature. Is there any progress towards
> making Evolution work with these?

No. We are accepting patches though ;-)

Jeff

-- 
Jeffrey Stedfast
Evolution Hacker - Ximian, Inc.
fejj ximian com  - www.ximian.com
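
The re-serialization problem described in the message above, as an added example that is not part of the original message and is not Evolution's code. It assumes a SHA-256 digest as a stand-in for the data a PGP/MIME signature covers; the sample body, the `qp_encode` helper and the 60/76 column widths are constructed for illustration.

```python
import hashlib
import quopri

HEADERS = (b"Content-Type: text/plain; charset=iso-8859-1\r\n"
           b"Content-Transfer-Encoding: quoted-printable\r\n\r\n")
# Constructed sample body (Latin-1): one long line and one short line.
BODY = ("Le r\xe9sum\xe9 sign\xe9 a \xe9t\xe9 envoy\xe9 \xe0 l'\xe9quipe "
        "s\xe9curit\xe9 pour v\xe9rification avant la publication = fin."
        "\r\nMerci.\r\n").encode("latin-1")


def qp_encode(data: bytes, width: int) -> bytes:
    """Minimal quoted-printable encoder with a configurable line width
    (hypothetical helper: real clients differ in exactly this choice)."""
    out = []
    for line in data.split(b"\r\n"):
        cur = b""
        for i, byte in enumerate(line):
            last = i == len(line) - 1
            # Escape '=', control and 8-bit bytes, and whitespace at line end.
            if (byte == 0x3D or (byte < 0x20 and byte != 0x09) or byte > 0x7E
                    or (last and byte in (0x20, 0x09))):
                tok = b"=%02X" % byte
            else:
                tok = bytes([byte])
            if len(cur) + len(tok) > width - 1:  # keep room for soft break '='
                out.append(cur + b"=")
                cur = b""
            cur += tok
        out.append(cur)
    return b"\r\n".join(out)


def digest(part: bytes) -> str:
    return hashlib.sha256(part).hexdigest()


def compare(sender_width: int = 60, reader_width: int = 76) -> dict:
    received = HEADERS + qp_encode(BODY, sender_width)  # bytes as signed and sent
    signed_digest = digest(received)
    # The reader parses the part into decoded content, then writes it out again.
    decoded = quopri.decodestring(received.split(b"\r\n\r\n", 1)[1])
    rewritten = HEADERS + qp_encode(decoded, reader_width)
    return {
        "content_same": decoded == BODY,
        "rewritten_digest_same": digest(rewritten) == signed_digest,
        "raw_digest_same": digest(received) == signed_digest,
    }
```

With the default widths the decoded content is identical but the digest of the rewritten part no longer matches, while the digest of the bytes kept exactly as received does.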




