signing header required?
Anthony E. Greene
agreene@pobox.com
Sat Mar 15 23:59:01 2003
On 15-Mar-2003/14:51 -0700, Nicholas Bludworth <nbludwor@nmsu.edu> wrote:
>
>I looked through the FAQ and a few of the archives, but haven't seen
>anything about this. Forgive me if it's a common question. When signing
>a message, is the header at the beginning of the message required? If
>you aren't sure what I am referring to, here it is:
Yes, it is required. OpenPGP applications have to know where the signed
data starts and where it ends. There is no garuntee that the entire
message body will be signed. For instance, suppose I forward your message
to someone else, or I send you an archived copy of a signed message. Or
suppose and email app sends the entire message, mail headers and all, to
an OpenPGP app for processing. In these cases, the OpenPGP data needs to
be marked.
Tony
--
Anthony E. Greene <mailto:Anthony%20E.%20Greene%20%3Cagreene@pobox.com%3E>
OpenPGP Key: 0x6C94239D/7B3D BD7D 7D91 1B44 BA26 C484 A42A 60DD 6C94 239D
AOL/Yahoo Messenger: TonyG05 HomePage: <http://www.pobox.com/~agreene/>
Linux. The choice of a GNU generation <http://www.linux.org/>