no, it's not an email client problem, it's what I said at the start

Todd Zullinger tmz at
Wed Apr 4 00:49:07 CEST 2007

randux at wrote:
> It's either a GnuPG problem or an RFC problem.

It could also be a PEBKAC. :)

> It's possible to add or remove or modify text in a clearsigned
> message. If that's what the RFC allows, then the RFC is broken. If
> the RFC doesn't allow it then GnuPG is broken.

It is neither.  You can change a comment field which is not used for
any cryptographic purpose.

This is not a GnuPG problem, therefore by your logic it must be a
problem with the RFC.  In that case, please direct further mail to the
openpgp working group.

> This kind of sloppy exposure is out of place in the product/RFC.
> Making excuses or trying to explain around it or blame it on email
> clients is silly and not fooling anyone.

Perhaps the comment field should simply be renamed to "this is only a
comment, it's not part of the signed message so you shouldn't infer
that it is secured:".  Or, if you don't like the comment field, don't
set it in your gpg config.

Todd        OpenPGP -> KeyID: 0xBEAF0CE3 | URL:
It seems such a pity that Noah and his party did not miss the boat.
    -- Mark Twain

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 542 bytes
Desc: not available
Url : /pipermail/attachments/20070403/73a45345/attachment.pgp 

More information about the Gnupg-users mailing list