Re: [Evolution] gpg help

From: "Adrian 'Dagurashibanipal' von Bidder" <avbidder fortytwo ch>
To: evolution ximian com
Subject: Re: [Evolution] gpg help
Date: 03 Jun 2002 10:51:27 +0200

On Sun, 2002-06-02 at 19:01, Not Zed wrote:

On Mon, 2002-06-03 at 05:16, Jeffrey Stedfast wrote:

There were some bugs in the 1.0.x PGP/MIME code, these should all be
fixed now in the development CVS. Perhaps you came accros one of these
bugs?

[...]

I dunno about all, but some more have been fixed.  And only for
multipart/signed (i dont ever want to support inline pgp, its even more
broken).  However i ran some tests, and i could generate mails that


Damn. I missed the MIME bit in Jeffrey's post. But I can understand not
wanting to support inline pgp. Still annoying, though, as they are still
quite frequent. Perhaps better remove inline support altogether (per
default), making it an experimental feature instead? Having inline
signatures not validating half of the time makes pgp/gpg look very
unreliable, which it isn't in my experience (it works basically
everywhere except in evolution...)

The most annyoing bug for me was that signed mails with attachments
would never verify. That fixed?

(It seems building from cvs is a bit too complicated, as some of the
debian ...-dev pkgs are not current enough (libgal). Do I have to
rebuild most gnome libraries? Hmmm. I'll just wait for evo 1.2 release,
I think...)

The multipart/signed rfc's are broken, they break valid assumptions you

[...]

if for example any mailer blows apart mime parts and stores them
decoded, which imho is a perfectly valid thing to want to do).  But


Hmmm. I'd agree that this may be a valid thing to do in the local cache.
But I strongly feel that the mailer changing the msg body stored in the
mail spool (or imap dir) without being told so is broken.

then, I guess it depends on what you expect from a signed message.


I'd expect it to verify whenever possible. Meaning: any tampering with
the message body causing signatures invalid signatures is a bug (there
*may* be some few broken MTAs , but mostly the problems come from the
MUA). Don't know what else to expect from a signed msg.

All said - evo is still a pretty cool mailer. palmpilot integration is
strongest bonus for me.

cheers
-- vbi


-- 
secure email with gpg            avbidder fortytwo ch: key id 0x92082481
                                 avbidder acter ch:    key id 0x5E4B731F

Attachment: signature.asc
Description: This is a digitally signed message part

Follow-Ups:
- Re: [Evolution] gpg help
  - From: Rodrigo Moya
- Re: [Evolution] gpg help
  - From: Not Zed

References:
- [Evolution] gpg help
  - From: Seth Hollen
- Re: [Evolution] gpg help
  - From: Jeffrey Stedfast
- Re: [Evolution] gpg help
  - From: Adrian 'Dagurashibanipal' von Bidder
- Re: [Evolution] gpg help
  - From: Not Zed

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]