Evolution signatures

Neil Williams linux@codehelp.co.uk
Tue Aug 5 21:16:02 2003 

--Boundary-02=_JMAM/SjSDFJGPm5
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Description: signed data
Content-Disposition: inline

On Tuesday 05 Aug 2003 2:00 pm, Adrian von Bidder wrote:
> PGP/MIME is the tool to do that. The thing I'd wish is a way to also
> protect (sign - not encrypt, obviously) mail headers (IIRC this was alrea=
dy
> discussed here.)

You could only affect headers when you reply to a message, and then it woul=
d=20
the to 'sign' the headers of the email you received, not the one you are=20
sending. Seems a little pointless.

Exactly which headers are you proposing to try and sign?

MessageID is assigned by your MTA - I don't see that there's much your emai=
l=20
client can do about that. Once the signed email leaves the scope of the ema=
il=20
client, it may still be on your system pending forwarding to your SMTP, but=
=20
the email client cannot get it back.

e.g. my server added these to your email (amongst others)

X-Spam-Status: No, hits=3D-9.5 required=3D5.0
	tests=3DBAYES_00,EMAIL_ATTRIBUTION,IN_REP_TO,KNOWN_MAILING_LIST,
	      PGP_SIGNATURE_2,QUOTED_EMAIL_TEXT,REFERENCES,
	      REPLY_WITH_QUOTES,USER_AGENT_KMAIL
	autolearn=3Dham version=3D2.55
X-Spam-Level:=20
X-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp)

How can you sign these when it's MY software that has created them upon=20
receipt!?

All you would be able to sign would be these:
References: <1060016953.11097.25.camel@erasmus.localdomain>=20
<200308051051.46523@fortytwo.ch>=20
<1060081330.16521.21.camel@erasmus.localdomain>
In-Reply-To: <1060081330.16521.21.camel@erasmus.localdomain>
To: gnupg-users@gnupg.org
Subject: Re: Evolution signatures
User-Agent: KMail/1.5.3

If you sign these, what do I gain when I validate them?

After all, email signatures are for the benefit of the recipients more than=
=20
the sender.

As you have all these on your system before you send, you could easily sign=
=20
these already, by including them in the message body before sending. Repeat=
=20
the subject, repeat the To: address, copy the references headers into the=20
body and add a line to say which email client you are using. Now sign and=20
send.=20

e.g. I use scripts to generate some error emails on websites, they include=
=20
some standard details:
Sent by: <copy of the To: field>
Subject: <copy of the Subject: field>
Sent using: <name of the script doing the sending>

But again, what do I GAIN from you doing that extra work?

=2D-=20

Neil Williams
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
http://www.codehelp.co.uk
http://www.dclug.org.uk

http://www.biglumber.com/x/web?sn=3DNeil+Williams


--Boundary-02=_JMAM/SjSDFJGPm5
Content-Type: application/pgp-signature
Content-Description: signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQA/MAMJiAEJSii8s+MRAmxZAJ0SyG4bvdh4BDjrJ1DMAeDA3rc3mACffyto
smLXc6n7RC/XFIaPm9xebMs=
=t0KY
-----END PGP SIGNATURE-----

--Boundary-02=_JMAM/SjSDFJGPm5--