Adrian 'Dagurashibanipal' von Bidder
Tue Feb 4 15:33:01 2003
[Anthony, sorry for the double-mail]
On Die, 2003-02-04 at 11:50, Anthony E. Greene wrote:
> On 04-Feb-2003/10:24 +0100, Adrian 'Dagurashibanipal' von Bidder <avbidde=
> > The multipart/signed content type contains exactly two body parts.
> > The first body part is the body part over which the digital signature
> > was created, including its MIME headers.
> I stand corrected.
> I expect that signing the MIME headers is a PITA for PGP/MIME
> implementers. You pretty much have to write PGP/MIME into the mail client=
> The level of integration needed for it to work properly would be difficul=
> with a plugin.
PGP/MIME signs the whole mail - access to the raw mail before it gets
sent is needed at a point where all encoding is done (and yes, depending
on the architecture of the MUA, this might not be available with a
Ask the Ximian people - they have exactly the wrong design for this -
their library breaks up the MIME parts at a low level, and GPG support
is considered part of the higher level, and they apparently did some
very ugly hacks to get the raw mail body when checking signatures. (I
say that their design is just wrong - as a power user, I'd like to
access the raw message sometimes, too. They say that the standard is
When you don't know what to do, walk fast and look worried.
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: get my key from http://fortytwo.ch/gpg/92082481
-----END PGP SIGNATURE-----
Signature policy: http://fortytwo.ch/legal/gpg/email.20020822?version=1.3&md5sum=14ca616f14682a82cb9cc25c9b34a10d