(1) BAD signature and (2) auto SHA1

DIG Dmitri I GOULIAEV <dmitri.gouliaev@telkel.net>
Thu Sep 11 00:59:02 2003

Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hi, Charly Avital !

Thank you for your informative response.

 On Sat, Aug 02, 2003 at 05:56:55PM +0300, Charly Avital wrote:

> - - text that contains "special characters", like accented letters,=20
> etc. ("high ASCII") may cause the signature verification to fail,=20
> unless the recipient's e-mail client's character set is utf-8. So, this=
> could be the recipient's "fault". But it could be also the sender's=20
> "fault", if his email client's character set is not utf-8. This issue=20
> can be very confusing.

I suspect that I have something not properly configured on my side. I alrea=
dy eliminated one threat: mimedecode from ``fetchmail''. What I have to do =
is to eliminate other threats from ``sendmail'' and/or ``procmail''. I alre=
ady verified that ``mutt'' is fine.=20

[... sometime later...]

Finally (sometime ago), I found what was the cause for ``BAD signature'': m=
y e-mail provider was adding some text to the signed part of the message. N=
ot to every message, and only if the message was QP-encoded. Sometimes it w=
as just empty string!
Bad, bad provider...

P.S. I know, I know. It was more than month ago -- I try to catch up!

Best regards,

1024D/63A6C649: 26A0 E4D5 AB3F C2D4 0112  66CD 4343 C0AF 63A6 C649

Content-Type: application/pgp-signature
Content-Disposition: inline

Version: GnuPG v1.2.1 (GNU/Linux)