no, it's not an email client problem, ...
dshaw at jabberwocky.com
Wed Apr 4 14:38:38 CEST 2007
On Wed, Apr 04, 2007 at 08:44:32AM +0200, Sven Radde wrote:
> Robert J. Hansen schrieb:
> > It is not feasible to undetectably remove, add, or modify text in a
> > clearsigned message.
> > Your example adds, modifies, etc., text in the _signature_.
> > The _message_ remains protected.
> It should have become clear by the course of the discussion that not
> everybody is aware of this (arguably) subtle distinction.
> I assume that it would even less the case for GnuPG users that do not
> follow this list (i.e. non-geeks, a.k.a. end-users, no offense intended :-).
> I thought myself to be quite an adept user of GnuPG but did not realize
> that Comment lines could be freely altered. Congrats to everyone who was
> actively aware of the fact before this discussion was brought up here,
> but, IMHO, said group would have been limited to the developers or other
> deeply involved people.
> On the other hand, the implications of this are not so serious as to
> make a huge fuss about it.
> I would suggest to include a suitable paragraph into the man-pages and
> other end-user targeted documentation on gnupg.org. While a end-user
> cannot be expected to read an RFC, the man-page is surely not beyond
> his/her reach.
I almost hate to drag reality into this discussion, but the man page
does say exactly that:
Use string as a comment string in clear text signatures and
ASCII armored messages or keys (see --armor). The default
behavior is not to use a comment string. --comment may be
repeated multiple times to get multiple comment strings.
--no-comments removes all comments. It is a good idea to keep
the length of a single comment below 60 characters to avoid
problems with mail programs wrapping such lines. Note that
comment lines, like all other header lines, are not protected
by the signature.
And while we're at it, the RFC says it too:
The Armor Headers are pairs of strings that can give the user or
the receiving OpenPGP implementation some information about how to
decode or use the message. The Armor Headers are a part of the
armor, not a part of the message, and hence are not protected by
any signatures applied to the message.
More information about the Gnupg-users