[Evolution] Re: GPG signatures



GPG signature [...]
comes in two MIME parts
[...]
I also got mail from CERT today, and that
signature fails because it is an inline
signature.

These are two sides of the same coin. There are some mail servers or
relays that will alter the content of the message in some way. Microsoft
Exchange servers are particularly likely to do this. There are limits on
line length before wrapping, changes to QP encoding, whatever. Even a
one bit change will invalidate the signature before Evolution ever sees
it. If the alteration happens before you receive the message there is
nothing Evolution or any mail client can do about it.

The workaround to this problem with inline signatures is to make the
message and the signature separate MIME parts and specify that their
contents are opaque. But then it is up to the mail client to recognize
the "Content-type: multipart/signed" and the "Content-disposition:
inline" MIME headers so it gets displayed as something other than a
couple of attachments, yet still can be verified as a signed message.
And that's where somebody gets to write and submit a patch for
Evolution.

 -- sidney
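
The effect described in the message above, as an added example that is not part of the original post: a relay that only re-wraps a quoted-printable line leaves the decoded text identical but changes the bytes the signature covers. The sample message, the `relay_rewrap` function and the use of a SHA-256 digest in place of a real GnuPG verification are assumptions made for illustration.

```python
import hashlib
import quopri
from email import message_from_bytes

# Constructed sample: a multipart/signed message with a placeholder signature part.
SAMPLE = (
    b"MIME-Version: 1.0\r\n"
    b"Content-Type: multipart/signed; micalg=pgp-sha256;\r\n"
    b' protocol="application/pgp-signature"; boundary="b1"\r\n'
    b"\r\n--b1\r\n"
    b"Content-Type: text/plain; charset=us-ascii\r\n"
    b"Content-Transfer-Encoding: quoted-printable\r\n\r\n"
    b"This constructed line is long enough that a relay with a short limit re-wraps it.\r\n"
    b"--b1\r\n"
    b"Content-Type: application/pgp-signature\r\n\r\n"
    b"(signature placeholder)\r\n"
    b"--b1--\r\n"
)

def signed_part(raw):
    """Exact bytes of the first body part, which is what the signature covers."""
    msg = message_from_bytes(raw)
    if msg.get_content_type() != "multipart/signed":
        raise ValueError("not a multipart/signed message")
    delim = b"\r\n--" + msg.get_boundary().encode("ascii")
    start = raw.index(delim) + len(delim) + 2  # skip the CRLF after the delimiter
    return raw[start:raw.index(delim, start)]

def relay_rewrap(part, width=40):
    """Hypothetical relay: add QP soft line breaks ("=" CRLF) to long body lines."""
    head, sep, body = part.partition(b"\r\n\r\n")
    out = []
    for line in body.split(b"\r\n"):
        while len(line) > width:
            esc = line.rfind(b"=", width - 3, width - 1)  # never split an =XX escape
            cut = esc if esc != -1 else width - 1
            out.append(line[:cut] + b"=")
            line = line[cut:]
        out.append(line)
    return head + sep + b"\r\n".join(out)

def compare(raw):
    """Return (decoded text unchanged, signed bytes unchanged) after the relay."""
    before = signed_part(raw)
    after = relay_rewrap(before)
    text = lambda p: quopri.decodestring(p.partition(b"\r\n\r\n")[2])
    digest = lambda p: hashlib.sha256(p).digest()
    return text(before) == text(after), digest(before) == digest(after)
```

`compare(SAMPLE)` returns `(True, False)`: a reader sees the same text, but the digest over the signed part no longer matches, so verification fails in any client.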





