Security bug in mail plugins

Werner Koch wk at
Wed Jun 28 12:26:28 CEST 2006

On Wed, 28 Jun 2006 10:41, Nicholas Cole said:

> on OS X.  If part of a message is a signed gpg/mime
> message, the user is shown a display which gives an
> impression that there is a valid signature for all of
> the message and no warning that part of the message is
> not signed. 

Well known problem with older MUAs.

> How do other mail clients deal with this issue?  And

Gnus shows special markers to indicate what is signed and what
no. Kmail puts colored frames around the signed and verified parts of
the mail.

> what is the correct approach?  Is there anything that
> can be done at the gpgme level to deal with this kind

GPGME does now nown about MIME or mail protocols in general.  It needs
to be implemented in the MUA.



More information about the Gnupg-devel mailing list