EICS proposal

Adrian 'Dagurashibanipal' von Bidder avbidder@fortytwo.ch
Tue Feb 4 15:33:01 2003


--=-btBV6Nmrmep7t6xi8vQm
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

[Anthony, sorry for the double-mail]

On Die, 2003-02-04 at 11:50, Anthony E. Greene wrote:
> On 04-Feb-2003/10:24 +0100, Adrian 'Dagurashibanipal' von Bidder <avbidde=
r@fortytwo.ch> wrote:
> >
> >(rfc1847:
> >   The multipart/signed content type contains exactly two body parts.
> >   The first body part is the body part over which the digital signature
> >   was created, including its MIME headers.
> >)
>=20
> I stand corrected.
>=20
> I expect that signing the MIME headers is a PITA for PGP/MIME
> implementers. You pretty much have to write PGP/MIME into the mail client=
.
> The level of integration needed for it to work properly would be difficul=
t
> with a plugin.

PGP/MIME signs the whole mail - access to the raw mail before it gets
sent is needed at a point where all encoding is done (and yes, depending
on the architecture of the MUA, this might not be available with a
plugin).

Ask the Ximian people - they have exactly the wrong design for this -
their library breaks up the MIME parts at a low level, and GPG support
is considered part of the higher level, and they apparently did some
very ugly hacks to get the raw mail body when checking signatures. (I
say that their design is just wrong - as a power user, I'd like to
access the raw message sometimes, too. They say that the standard is
broken.).

cheers
-- vbi

--=20
When you don't know what to do, walk fast and look worried.

--=-btBV6Nmrmep7t6xi8vQm
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: get my key from http://fortytwo.ch/gpg/92082481

iKcEABECAGcFAj4/z3ZgGmh0dHA6Ly9mb3J0eXR3by5jaC9sZWdhbC9ncGcvZW1h
aWwuMjAwMjA4MjI/dmVyc2lvbj0xLjMmbWQ1c3VtPTE0Y2E2MTZmMTQ2ODJhODJj
YjljYzI1YzliMzRhMTBkAAoJEIukMYvlp/fWpGcAn10BT0RIb1D/fm/3VSkLYBUU
I+I1AKCUpdPUzD8q1VcJCk48jBrcgRUqGg==
=GBww
-----END PGP SIGNATURE-----
Signature policy: http://fortytwo.ch/legal/gpg/email.20020822?version=1.3&md5sum=14ca616f14682a82cb9cc25c9b34a10d

--=-btBV6Nmrmep7t6xi8vQm--