no, it's not an email client problem, it's what I said at the start

Robert J. Hansen rjh at sixdemonbag.org
Wed Apr 4 00:30:59 CEST 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

randux at Safe-mail.net wrote:
> It's either a GnuPG problem or an RFC problem.

It's a GnuPG bug if and only if it is not behavior specified by the RFC.
 Given that GnuPG is correctly implementing the RFC here, that
means--drumroll, please--it is not a bug in GnuPG.

Nor, for reasons I've already explained, is it a bug in the RFC.
Although if you want to continue to argue that it is, please take it to
the IETF OpenPGP working group mailing list.  Beating the dead horse
here will do nothing except give the poor beast postmortem bruising.
The IETF OpenPGP WG mailing list is the place where change can actually
happen.

> It's possible to add
> or remove or modify text in a clearsigned message.

It is not feasible to undetectably remove, add, or modify text in a
clearsigned message.

Your example adds, modifies, etc., text in the _signature_.

The _message_ remains protected.

> Why all the excuses and flaring tempers...have I insulted anyone?

I have explained this in clear English several times.  This is not a
GnuPG bug; this is not an RFC bug; this is not something the developers
need to fix; this is, at best, an issue for the IETF OpenPGP WG and the
mailing lists for the various MUAs.  Please take it there.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQEcBAEBCgAGBQJGEtWiAAoJELcA9IL+r4EJdREIAJrixtwqWkyM1G1HKpJ8t4xi
6N1pXI7Z4UKYxe6HMIzLQLO32WzHjy5323Z3V7culwngRqYiguFff7Vh1XQGClIW
XoxB5GxSMeMRDvaLdYhaZq9vyZHNFyQTWI8aWzkZxe9mBzFt4X0ngcsUpC65/Xmy
ZqVmBwpOYvWiofBK9nFG+DXZQ+iL95qc8CDa+9a3cBUEP+0RVNr2HGi0HZAqW6Jo
SKPVs3lpN4FIkNk5WWv3KCgPtFAMdI8U/N+6SKQri+4ZE78ty4sq0Zu0AH//8jzV
au9gRsny++JgOS26mIvbirwWCAy66gvnr3Nvf9bFFKL9E7kLYl+RnqUzJWRgMAU=
=KgXV
-----END PGP SIGNATURE-----



More information about the Gnupg-users mailing list