Tue Aug 5 21:16:02 2003
Content-Description: signed data
On Tuesday 05 Aug 2003 2:00 pm, Adrian von Bidder wrote:
> PGP/MIME is the tool to do that. The thing I'd wish is a way to also
> protect (sign - not encrypt, obviously) mail headers (IIRC this was alrea=
> discussed here.)
You could only affect headers when you reply to a message, and then it woul=
the to 'sign' the headers of the email you received, not the one you are=20
sending. Seems a little pointless.
Exactly which headers are you proposing to try and sign?
MessageID is assigned by your MTA - I don't see that there's much your emai=
client can do about that. Once the signed email leaves the scope of the ema=
client, it may still be on your system pending forwarding to your SMTP, but=
the email client cannot get it back.
e.g. my server added these to your email (amongst others)
X-Spam-Status: No, hits=3D-9.5 required=3D5.0
X-Spam-Checker-Version: SpamAssassin 2.55 (22.214.171.124-2003-05-19-exp)
How can you sign these when it's MY software that has created them upon=20
All you would be able to sign would be these:
Subject: Re: Evolution signatures
If you sign these, what do I gain when I validate them?
After all, email signatures are for the benefit of the recipients more than=
As you have all these on your system before you send, you could easily sign=
these already, by including them in the message body before sending. Repeat=
the subject, repeat the To: address, copy the references headers into the=20
body and add a line to say which email client you are using. Now sign and=20
e.g. I use scripts to generate some error emails on websites, they include=
some standard details:
Sent by: <copy of the To: field>
Subject: <copy of the Subject: field>
Sent using: <name of the script doing the sending>
But again, what do I GAIN from you doing that extra work?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
-----END PGP SIGNATURE-----