Email authentication??

Erik Rossen
Sun, 23 Jan 2000 13:38:22 +0100 (MET)

Hash: SHA1

On 22 Jan 2000, Mr. Bad wrote:

> One thing that I forgot to mention, and that many new users forget, is
> that -after- the message is signed, they _should_not_ edit the
> message. The signature is for the message AS IS. Even changing a
> single space or return will invalidate the signature!
I wonder if the next RFC for PGP will add a protocol that only counts printable characters and IGNORES ALL WHITESPACE characters for the purpose of calculating checksums. I bet that it would alleviate (or mask?) a lot of problems with mail programs that try to "pretty-up" messages, do CR-CRLF conversions, etc... Does anyone know if this idea has been discussed before? Erik Rossen ^ /e\ --- GPG key ID: 2935D0B9 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.0 (GNU/Linux) Comment: For info see iD8DBQE4ivZEY88aPik10LkRArfZAJ4xx5z+rpbE77Jj1V6AaIp8MP1KGQCfRkHd 83D2m1zBo19DZvgnHDiO2sg= =7SQX -----END PGP SIGNATURE-----