combination of text-mode signature (by mutt?) and gpg >= 1.4.8 introduces interoperability problem
David Shaw
dshaw at jabberwocky.com
Tue Jul 8 19:26:32 CEST 2008
On Tue, Jul 08, 2008 at 04:52:19PM +0200, Bernhard Reiter wrote:
> Note that you would need to have an attachment in, that already
> has trailing spaces to some lines. Maybe it must be a message/rfc822
> attachment, I did not verify yet.
This is interesting, as OpenPGP/MIME requires trailing spaces to be
quoted. ("any trailing whitespace MUST then be removed from the
signed material.") That would imply that mutt isn't generating the
OpenPGP/MIME message properly. I suppose that is possible, but it
seems odd as Mutt has always been rigorous about following the
OpenPGP/MIME spec to the letter.
Have you seen this:
http://lists.gnupg.org/pipermail/gnupg-users/2005-January/024408.html
Can you ask the sender to perform the test suggested on that page?
Specifically:
An easy way to tell if your particular mail program correctly
implements PGP/MIME signing is to set --no-rfc2440-text, and send
yourself a signed message that has a number of blank spaces at the
end of a line. Then, set --rfc2440-text and attempt to verify the
signature. If the signature does not verify correctly, you may
wish to contact the developer of your mail program for an update.
In this case, of course, have the sender construct the same sort of
message as before (message/rfc822 attachment, etc).
David
More information about the Gnupg-devel
mailing list