GPG support in Mahogany

Adrian 'Dagurashibanipal' von Bidder
Tue Dec 10 18:50:03 2002

Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Tue, 2002-12-10 at 17:45, Xavier Nodet wrote:
> On Tue, 10 Dec 2002 16:44:37 +0100 Johan Almqvist <johan-gnupg@almqvist.n=
et> wrote:
> > * Xavier Nodet <> [021210 16:25]:
> >
> >> When a message is signed, we should verify that the 'From:' header
> >> actually matches one of the IDs of the signing key.
> > Would your method see the signature attached to this message as valid?
> No, but as I noticed while answering Michael Nahrath, either the key is
> trusted, or it is not. There is not much to get from checking the
> headers.

Depending on how it is displayed, it would close some loopholes for
inattentive users. What I'd wish for in a MUA is that there is a clear
display which data is trusted and which is not.

With OpenPGP/MIME (like this mail), it would be possible to repeat the
To, From, Subject (and similar) headers in the (signed) MIME headers of
the first MIME part (the one with the content), and copy them back (if
present) upon message receipt. So, headers would be fully preserved.

-- vbi

this email is protected by a digital signature:

NOTE: keyserver bugs! get my key here:

Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

Version: GnuPG v1.2.1 (GNU/Linux)

Signature policy: