[linux-elitists] Fwd: PGP signature attachments!
Fri Sep 7 17:59:09 PDT 2001
begin Karsten M Self quotation:
> on Fri, Sep 07, 2001 at 10:41:40PM +0100, Sean Neakums (email@example.com) wrote:
>> begin Karsten M Self quotation:
>> > Moreover, RFC 2015 includes directives to mail handling utilities
>> > regarding integrity of messages, and how they are or aren't to
>> > modify a message text which has been signed or encrypted. As
>> > you've certainly read my rant closely by now, you'll note the
>> > specific reference I've made to the munging issue. Cleartext
>> > signing provides no such hints, and there is no assurance your
>> > cleartext signed message will be delivered intact.
>> People fail to check signed messages, and it's the MUAs' fault for
>> allowing them to be munged in the first place?
> Please restrict yourself to putting words in your own mouth, not mine.
Note my use of the question mark. It indicates interrogation. A
simple "No." would have sufficed. You may lower your bristles now, if
you wish. Maybe you like them better that way.
> A munged signed message can't be verified regardless. Broken mail
> handling software must be fixed.
> An intact, signed, but unverified message can still be verified at a
> later date. There's worlds of difference.
The only way to verify that a PGP-signed message is intact is to
attempt to verify the signature. You cannot trust the transport
mechanism nor the software used to encapsulate the message AT ALL. I
can't be any more certain that a PGP/MIME implementation has not
munged a message than I can that a plaintext PGP message has not been
>> > MIME is an established and official IETF standard. RFC 2015 is
>> > not officially recognized, due to its draft status, but it's a
>> > fairly widely implemented standard. The Gnus feature is, by
>> > contrast, an exploitation of a convention.
>> Given its non-ratified status, RFC2015 is merely an
>> extensively-documented convention.
> It is also relatively extensively implemented.
As is software that can deal with traditional plain-text PGP messages.
"The man who laughs at standards--that man must be put down.
We are none of us perfect; I know that. But we must agree
on what perfection is."
-- Joe Gendreau, California Weights and Measures