EICS proposal

Adrian 'Dagurashibanipal' von Bidder avbidder@fortytwo.ch
Tue Feb 4 15:33:01 2003

Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

[Anthony, sorry for the double-mail]

On Die, 2003-02-04 at 11:50, Anthony E. Greene wrote:
> On 04-Feb-2003/10:24 +0100, Adrian 'Dagurashibanipal' von Bidder <avbidde=
r@fortytwo.ch> wrote:
> >
> >(rfc1847:
> >   The multipart/signed content type contains exactly two body parts.
> >   The first body part is the body part over which the digital signature
> >   was created, including its MIME headers.
> >)
> I stand corrected.
> I expect that signing the MIME headers is a PITA for PGP/MIME
> implementers. You pretty much have to write PGP/MIME into the mail client=
> The level of integration needed for it to work properly would be difficul=
> with a plugin.

PGP/MIME signs the whole mail - access to the raw mail before it gets
sent is needed at a point where all encoding is done (and yes, depending
on the architecture of the MUA, this might not be available with a

Ask the Ximian people - they have exactly the wrong design for this -
their library breaks up the MIME parts at a low level, and GPG support
is considered part of the higher level, and they apparently did some
very ugly hacks to get the raw mail body when checking signatures. (I
say that their design is just wrong - as a power user, I'd like to
access the raw message sometimes, too. They say that the standard is

-- vbi

When you don't know what to do, walk fast and look worried.

Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

Version: GnuPG v1.2.1 (GNU/Linux)
Comment: get my key from http://fortytwo.ch/gpg/92082481

Signature policy: http://fortytwo.ch/legal/gpg/email.20020822?version=1.3&md5sum=14ca616f14682a82cb9cc25c9b34a10d