Evolution signatures

Adrian von Bidder avbidder@fortytwo.ch
Wed Aug 6 12:16:02 2003


On Wednesday 06 August 2003 10:33, Ben Finney wrote:

> I don't see that any of these headers are a good target for signing.
>   - If the From: header changes, you can check it against the UIDs for
>     the signing key.  Signing the From: header doesn't gain anything.

Hmm. Ok, so probably MUA implementors should warn if From: header does not
match a uid, or should not display from: at all but just the uid(s) of the
signing key.

>   - If the To: header changes enough to be significant, how did it get
>     delivered to you anyway?

To: header has nothing to do with envelope recipient. But I agree that
protecting the To: header is probably not meaningful at all.

>   - If the Date: header changes, you can check it against the timestamp
>     of the signature.

Same as with From: - this is a problem with the MUAs. Also, the sender can set
his clock to anything he wants anyway, so I agree this is not very

>   - If the Subject: header changes, it should affect the context of the
>     message at all.  If it does, your correspondents are misusing the
>     Subject: header.  It's supposed to be a summary indication of the
>     contents, not an integral part of them.

There's a huge difference on how it should be and how it is.... There are many
people using the Subject to convey essential information. (People often don't
see why they should type (part of) their message twice - so they either leave
the subject empty or don't repeat in the body what is already in the

Yes, it's bad. But I doubt any attempt to educate users will be successful.

-- vbi

OpenPGP encrypted mail welcome - my key: http://fortytwo.ch/gpg/92082481


Signature policy: http://fortytwo.ch/legal/gpg/email.20020822?version=1.5&md5sum=5dff868d11843276071b25eb7006da3e
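
The MUA-side checks discussed in this message (From: against the signing key's UIDs, Date: against the signature timestamp), sketched as an added example that is not part of the original post. The names, addresses, sample messages and one-hour skew are constructed assumptions, and the UIDs and signature time are assumed to come from an already successful OpenPGP verification.

```python
import re
from datetime import datetime, timedelta, timezone
from email import message_from_string
from email.utils import getaddresses, parsedate_to_datetime

UID_ADDR = re.compile(r"<([^<>\s]+@[^<>\s]+)>\s*$")

def uid_addresses(uids):
    """Mail addresses carried in OpenPGP user ID strings ("Name <addr>")."""
    return {m.group(1).lower() for u in uids if (m := UID_ADDR.search(u))}

def header_warnings(raw, key_uids, sig_time, max_skew=timedelta(hours=1)):
    """Warnings for unsigned headers that disagree with the verified signature."""
    msg = message_from_string(raw)
    warnings = []
    allowed = uid_addresses(key_uids)
    # Compare only the address part: the display name is free text and can
    # itself contain a trusted-looking address.
    senders = {a.lower() for _, a in getaddresses(msg.get_all("From", [])) if a}
    if not senders:
        warnings.append("no usable From: address")
    for addr in sorted(senders - allowed):
        warnings.append(f"From: {addr} matches no UID on the signing key")
    date = msg.get("Date")
    try:
        sent = parsedate_to_datetime(date) if date else None
    except (TypeError, ValueError):
        sent = None
    if sent is None:
        warnings.append("Date: missing or unparsable")
    else:
        if sent.tzinfo is None:  # "-0000" zone parses as naive; treat as UTC
            sent = sent.replace(tzinfo=timezone.utc)
        if abs(sent - sig_time) > max_skew:
            warnings.append(f"Date: differs from signature time by {abs(sent - sig_time)}")
    return warnings

# Constructed sample data (not taken from the thread).
UIDS = ["Alice Example <alice@example.org>"]
SIG_TIME = datetime(2003, 8, 6, 10, 16, 2, tzinfo=timezone.utc)
GOOD = ("From: Alice Example <alice@example.org>\n"
        "Date: Wed, 06 Aug 2003 12:16:02 +0200\nSubject: hi\n\nbody\n")
SPOOFED = ('From: "alice@example.org" <mallory@example.net>\n'
           "Date: Thu, 07 Aug 2003 12:16:02 +0200\nSubject: hi\n\nbody\n")

if __name__ == "__main__":
    for name, raw in (("good", GOOD), ("spoofed", SPOOFED)):
        print(name, header_warnings(raw, UIDS, SIG_TIME))
```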