[imp] Bad gpg signatures - solved

Rick Emery rick at emery.homelinux.net
Wed Mar 12 20:52:38 PST 2003


Quoting Michael M Slusarz <slusarz at bigworm.colorado.edu>:

> Yup, that would do it.  When signing a message, you must sign the message by
> analyzing the canonical contents of the message.  The canonical contents may
> NOT be the same as what is actually sent, not to mention that anything added
> to the message will invalidate the signature.

I thought that made sense, but then I had another thought. How do mailing lists
do it? At the bottom of this message, MailMan will attach a signature similar to
this:

--
IMP mailing list
Frequently Asked Questions: http://horde.org/faq/
To unsubscribe, mail: imp-unsubscribe at lists.horde.org

All of the other horde lists attach a similar signature, yet messages sent to
the lists show a good pgp signature. Presumably, MailScanner is doing the same
kind of thing: attaching a text message to the end of...

Wait a second; a light bulb just went on. Most of the messages I see have the
mailing list signature in-line, but I think I have seen some messages that have
it as a separate message part. Is it possible that the mailing list software is
actually _attaching_ the [mailing list] signature to the pgp-signed message and
it gets displayed in-line, where MailScanner is actually putting the signature
_in_ the message (hence changing the message contents and invalidating the pgp
signature)?

Sorry for all of these questions, but I don't really understand mime message
parts and pgp signatures. If the above paragraph is kind of correct, then this
all makes sense to me.

Thanks for your patience,
Rick

------------------------------------------------
This email was sent using IMP v4.0-cvs, part of
the Horde suite of information management tools.
http://horde.org/
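
The distinction asked about in the message above, as an added example that is not part of the original post and is not Mailman, MailScanner or IMP code: a footer added as a separate MIME part beside the signed entity leaves the signed bytes intact, while a footer written into the signed part changes them. A SHA-256 digest stands in for the PGP signature, and the boundaries, footer text and function names are constructed for illustration.

```python
import hashlib

CRLF = b"\r\n"
FOOTER = b"--\r\nexample mailing list footer (constructed)"

def digest(part: bytes) -> str:
    # Stand-in for a detached PGP signature: it covers exactly these bytes.
    return hashlib.sha256(part).hexdigest()

def split_parts(entity: bytes, boundary: bytes) -> list:
    """Return the raw bytes of each body part of a multipart entity."""
    chunks = entity.split(CRLF + b"--" + boundary)
    return [c[len(CRLF):] for c in chunks[1:-1]]

def join_parts(ctype: bytes, boundary: bytes, parts: list) -> bytes:
    """Serialise parts into one multipart entity with the given boundary."""
    head = b"Content-Type: " + ctype + b'; boundary="' + boundary + b'"' + CRLF
    body = b"".join(CRLF + b"--" + boundary + CRLF + p for p in parts)
    return head + body + CRLF + b"--" + boundary + b"--" + CRLF

def sign(part: bytes) -> bytes:
    """Build multipart/signed: the signed part plus a placeholder signature part."""
    sig = b"Content-Type: application/pgp-signature" + CRLF * 2 + digest(part).encode()
    return join_parts(b"multipart/signed", b"sig", [part, sig])

def verify(entity: bytes) -> bool:
    """Recompute the digest over the first part and compare with the second."""
    part, sig = split_parts(entity, b"sig")
    return sig.split(CRLF * 2, 1)[1].decode() == digest(part)

def footer_as_part(entity: bytes) -> bytes:
    """Wrap the untouched signed entity and add the footer as a sibling part."""
    foot = b"Content-Type: text/plain" + CRLF * 2 + FOOTER
    return join_parts(b"multipart/mixed", b"outer", [entity, foot])

def footer_inline(entity: bytes) -> bytes:
    """Append the footer text inside the signed part itself."""
    part, sig = split_parts(entity, b"sig")
    return join_parts(b"multipart/signed", b"sig", [part + CRLF + FOOTER, sig])

def demo() -> tuple:
    # Constructed sample body, already in CRLF canonical form.
    body = b"Content-Type: text/plain" + CRLF * 2 + b"Hello list,\r\nthis text is signed."
    signed = sign(body)
    inner = split_parts(footer_as_part(signed), b"outer")[0]
    return (verify(signed), verify(inner), verify(footer_inline(signed)))

if __name__ == "__main__":
    print(demo())  # (True, True, False)
```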