[k9mail/k-9] Makes PGP sign-only mails very difficult (#2375)

justina colmena justina at colmena.biz
Tue Feb 5 22:47:10 CET 2019


On February 4, 2019 8:07:33 AM AKST, Citizen Kepler <notifications at github.com> wrote:
>I would like to say that I need to have a signature on all of the
>emails that I send to authenticate me as the sender, but not encrypt
>them.  Often these messages are going back into bug tracking systems or
>mailing lists, and manually signing each email is a bad solution.   I
>will need to allow a opt-in sign by default option. 

[[[Date: Tuesday, February 5, 2019, 12:45 PM AKST]]]
PGP signatures do have a couple of rather severe and vicious limitations.

THE DATE PROBLEM. Only the body of the email is signed, not the envelope headers, namely the subject and intended recipients, and probably most importantly, the date. It would be nice to have an option to automatically include some of these headers in the body of the signed message when composing a signed email message.

THE STRIPPING PROBLEM. Currently, each attachment is signed separately and independently by the PGP-MIME standard. It would be preferable to digitally sign SHA hashes of the main message and all attachments in a single additional attachment. This would leave an indication of any attachments that may have been "stripped" from the email message, but without breaking the signatures of remaining attachments in such cases.

Bust that 55+ EFF nightclub and do it right, folks, unless it's the youth wing spouting the exact same old fogies' party line. ....
-- 
Una Milicia bien regulada, estando necesaria a la seguridad de un Estado libre, el derecho del pueblo de tener y de portar Armas, no será infringido.

https://www.colmena.biz/~justina/contacto.php
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 683 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20190205/ff5f6c3d/attachment.sig>


More information about the Gnupg-users mailing list