GPG support in Mahogany

Ingo Klöcker
Wed Dec 11 01:46:07 2002

On Tuesday 10 December 2002 17:21, Xavier Nodet wrote:
> I have signed this message twice. I could have encrypted it between
> the two signatures, no?

Yes. You could have done this. But please refrain from making this
possible with Mahogany. The reason is that probably no other email
client will be able to grok such a message. Especially since
clearsigning and inline encrypting were obsoleted long ago by
PGP/MIME, you shouldn't do more than is absolutely necessary, i.e. add
support for verifying and decrypting clearsigned/inline encrypted
messages but not for creating such messages. Instead you should
concentrate on fully supporting OpenPGP (which means PGP/MIME) since
this is _the_ standard.

> If I receive a signed-then-encrypted message, how can I be sure that
> the originator actually wanted me to receive this message? It may
> have been decrypted by the intended recipient, then re-encrypted
> using my public key.

Well, if the message starts with 'Hi, John' then you were obviously not 
the intended recipient. So the preferable solution to your problem is 
to repeat the list of recipients inside the signed message. Then anyone 
who is not on this list will know that he wasn't supposed to get this 
message. It's completely unnecessary to sign the message twice.


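
The recipient check suggested in the reply above, as an added example that is not part of the original post or of Mahogany's code. It assumes the signature over the text has already been verified (for instance by GnuPG) and that the sender repeated the recipients as To/Cc lines at the top of the signed text; that layout, the function names and the addresses are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample: signed text as seen after decryption and signature
# verification. The To/Cc lines are part of what the sender signed.
FORWARDED = """To: John <john@example.org>
Cc: alice@example.org

Hi, John, the offer stands.
"""

# Constructed sample: signed text that carries no recipient list at all.
NO_LIST = "Hi, John, the offer stands.\n"


def signed_recipients(signed_text):
    """Return the addresses named in To/Cc lines inside the signed text."""
    inner = message_from_string(signed_text)
    fields = inner.get_all("To", []) + inner.get_all("Cc", [])
    return {addr.lower() for _name, addr in getaddresses(fields) if addr}


def recipient_verdict(signed_text, my_addresses):
    """Classify the local user as 'listed', 'not-listed' or 'no-list'."""
    listed = signed_recipients(signed_text)
    if not listed:
        # Nothing signed to compare against: the outer envelope proves
        # nothing, because anyone can re-encrypt a signed text to any key.
        return "no-list"
    mine = {addr.lower() for addr in my_addresses}
    return "listed" if listed & mine else "not-listed"


if __name__ == "__main__":
    # A reader who received a re-encrypted copy but was never addressed
    # by the signer.
    print(recipient_verdict(FORWARDED, ["xavier@example.org"]))
    print(recipient_verdict(NO_LIST, ["xavier@example.org"]))
```

A mail client would show the "not-listed" and "no-list" results next to the signature status, since a valid signature alone says nothing about who the signer addressed.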