no, it's not an email client problem, ...

David Shaw dshaw at jabberwocky.com
Wed Apr 4 14:38:38 CEST 2007


On Wed, Apr 04, 2007 at 08:44:32AM +0200, Sven Radde wrote:
> Hi!
> 
> Robert J. Hansen schrieb:
> > It is not feasible to undetectably remove, add, or modify text in a
> > clearsigned message.
> >
> > Your example adds, modifies, etc., text in the _signature_.
> >
> > The _message_ remains protected.
> It should have become clear by the course of the discussion that not
> everybody is aware of this (arguably) subtle distinction.
> I assume that it would even less be the case for GnuPG users that do not
> follow this list (i.e. non-geeks, a.k.a. end-users, no offense intended :-).
> I thought myself to be quite an adept user of GnuPG but did not realize
> that Comment lines could be freely altered. Congrats to everyone who was
> actively aware of the fact before this discussion was brought up here,
> but, IMHO, said group would have been limited to the developers or other
> deeply involved people.
> 
> On the other hand, the implications of this are not so serious as to
> make a huge fuss about it.
> I would suggest to include a suitable paragraph into the man-pages and
> other end-user targeted documentation on gnupg.org. While an end-user
> cannot be expected to read an RFC, the man-page is surely not beyond
> his/her reach.

I almost hate to drag reality into this discussion, but the man page
does say exactly that:

   --comment string
   --no-comments
       Use string as a comment string in clear text signatures and
       ASCII armored messages or keys (see --armor).  The default
       behavior is not to use a comment string.  --comment may be
       repeated multiple times to get multiple comment strings.
       --no-comments removes all comments.  It is a good idea to keep
       the length of a single comment below 60 characters to avoid
       problems with mail programs wrapping such lines.  Note that
       comment lines, like all other header lines, are not protected
       by the signature.

And while we're at it, the RFC says it too:

   The Armor Headers are pairs of strings that can give the user or
   the receiving OpenPGP implementation some information about how to
   decode or use the message.  The Armor Headers are a part of the
   armor, not a part of the message, and hence are not protected by
   any signatures applied to the message.

David
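
The distinction the man page and RFC excerpts above draw, as an added example that is not part of the original message or of GnuPG: a Python function that splits a clearsigned message into the text lines the signature covers and the header lines it does not. It verifies nothing, and the sample message with its placeholder signature data is constructed; the names `split_clearsigned` and `first_blank` are hypothetical.

```python
BEGIN_MSG = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"
END_SIG = "-----END PGP SIGNATURE-----"

# Constructed sample: the signature data is a placeholder, not a real signature.
SAMPLE = """\
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Pay Bob 10 EUR.
- -- Alice
-----BEGIN PGP SIGNATURE-----
Comment: anyone can edit this line

PLACEHOLDERSIGNATUREDATA
=AAAA
-----END PGP SIGNATURE-----
"""


def first_blank(lines, lo, hi):
    """Index of the first empty line in lines[lo:hi], or hi if there is none."""
    return next((i for i in range(lo, hi) if not lines[i].strip()), hi)


def split_clearsigned(text):
    """Return (covered_lines, uncovered_header_lines) for one clearsigned message."""
    lines = text.splitlines()
    try:
        start = lines.index(BEGIN_MSG)
        sig = lines.index(BEGIN_SIG, start)
        end = lines.index(END_SIG, sig)
    except ValueError:
        raise ValueError("not a complete clearsigned message") from None
    # "Hash:" and any other header lines end at the first empty line.
    blank = first_blank(lines, start + 1, sig)
    if blank == sig:
        raise ValueError("no empty line after the message headers")
    uncovered = lines[start + 1:blank]
    # Dash-escaping: a text line starting with "-" is stored as "- " + line.
    covered = [l[2:] if l.startswith("- ") else l for l in lines[blank + 1:sig]]
    # Armor headers of the signature block (Comment:, Version:) precede its data.
    uncovered += lines[sig + 1:first_blank(lines, sig + 1, end)]
    return covered, uncovered


if __name__ == "__main__":
    print(split_clearsigned(SAMPLE))
```

A mail filter or viewer can use such a split to display only the covered lines as signed content once the signature itself has been checked by GnuPG.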


