GPG support in Mahogany
Wed Dec 11 01:46:07 2002
Content-Description: signed data
On Tuesday 10 December 2002 17:21, Xavier Nodet wrote:
> I have signed this message twice. I could have encrypted it between
> the two signature, no?
Yes. You could have done this. But please refrain from making this
possible with Mahogany. The reason is that probably no other email
client will be able to grok such a message. Especially since
clearsigning and inline encrypting have been obsoleted long ago by
PGP/MIME you shouldn't do more than the absolute necessary, i. e. add
support for verifying and decrypting clearsigned/inline encrypted
messages but not for creating such messages. Instead you should
concentrate on fully supporting OpenPGP (which means PGP/MIME) since
this is _the_ standard.
> If I receive a signed-then-encrypted message, how can I be sure that
> the originator actually wanted me to receive this message. It may
> have been decrypted by the intended recipient, then re-encrypted
> using my public key.
Well, if the message starts with 'Hi, John' then you were obviously not
the intended recipient. So the preferable solution to your problem is
to repeat the list of recipients inside the signed message. Then anyone
who is not on this list will know that he wasn't supposed to get this
message. It's completely unnecessary to sign the message twice.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
-----END PGP SIGNATURE-----