verification of clearsigned e-mails // question/request

David Shaw dshaw@jabberwocky.com
Fri May 2 12:45:02 2003


--17pEHd4RhPHOinZp
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, Apr 29, 2003 at 09:02:29PM +0200, Adrian 'Dagurashibanipal' von Bid=
der wrote:
> On Tuesday 29 April 2003 18:25, vedaal@hush.com wrote:
> > for verification of clearsigned messages, when there is a 'bad' signatu=
re,
> >
> > would it be possible/feasible to have an option of '--try-all-unwraps',
>=20
> IMHO fixing a broken system of how clearsigned text is transported is not=
=20
> something that belongs into gpg, but into the system which deals with the=
=20
> (broken) transport of the text, i.e. the mail program.
>=20
> Even better: nag those who send broken signatures to fix their systems. I=
=20
> guess in 90% of the cases the problem is at the sender's end.=20

The wrapping problem seems to affect Windows PGP users far more than
users of any of the *nix systems.  This isn't something intrinsic in
Windows, but rather in the mail programs on Windows - they generally
don't have direct OpenPGP integration, and so do tricks to grab the
text before sending.  It's common to grab the text, sign it, and then
have the mail program be "helpful" and re-wrap the text before it
sends it.

I agree with Adrian.  It would be nice to try several different
combinations of document to try and get an invalid sig to
validate... but that should be something external to GnuPG.  It's the
kind of thing you could do with just a little perl or python (or quite
a lot of C).

David

--17pEHd4RhPHOinZp
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3-cvs (GNU/Linux)
Comment: http://www.jabberwocky.com/david/keys.asc

iD8DBQE+sepW4mZch0nhy8kRAkr4AKDlOELSIttxdQ4yB33sAdlug3l/rgCgsB1w
PaGL/9jR4NgRSxZRLOYj+Yc=
=jmfl
-----END PGP SIGNATURE-----

--17pEHd4RhPHOinZp--