Is the signature encrypted
johanw at vulcan.xs4all.nl
Mon Nov 5 16:47:40 CET 2012
On 05-11-2012 16:29, Hauke Laging wrote:
> I don't understand why PGP/MIME
> does not define a seperate signature for the relevant sender created headers
> (from, to, subject, date). That would protect the headers and allow filters to
> check the sender without exposing the data signature.
That would lead to many false warnings about signature errors, since
those headers are often mangled with by mail transport software ("long"
lines broken, (de)html-ized, control characters inserted (%20 instead of
a space), etc. etc.
You would have to implement "fuzzy signature checking", just like using
text mode ignores \n\r and \n differences but than more extensive. I
predict that it will be nearly impossible to get this both so adaptive
that the number of false sig errors reduces to almost zero AND does not
contain lots of holes for spammers to exploit.
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
More information about the Gnupg-users