GPG support in Mahogany
Adrian 'Dagurashibanipal' von Bidder
Tue Dec 10 18:50:03 2002
On Tue, 2002-12-10 at 17:45, Xavier Nodet wrote:
> On Tue, 10 Dec 2002 16:44:37 +0100 Johan Almqvist <firstname.lastname@example.org=
> > * Xavier Nodet <email@example.com> [021210 16:25]:
> >> When a message is signed, we should verify that the 'From:' header
> >> actually matches one of the IDs of the signing key.
> > Would your method see the signature attached to this message as valid?
> No, but as I noticed while answering Michael Nahrath, either the key is
> trusted, or it is not. There is not much to get from checking the
Depending on how it is displayed, it would close some loopholes for
inattentive users. What I'd wish for in a MUA is that there is a clear
display which data is trusted and which is not.
With OpenPGP/MIME (like this mail), it would be possible to repeat the
To, From, Subject (and similar) headers in the (signed) MIME headers of
the first MIME part (the one with the content), and copy them back (if
present) upon message receipt. So, headers would be fully preserved.
this email is protected by a digital signature: http://fortytwo.ch/gpg
NOTE: keyserver bugs! get my key here: https://fortytwo.ch/gpg/92082481
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
-----END PGP SIGNATURE-----
Signature policy: http://fortytwo.ch/legal/gpg/email.20020822