[k9mail/k-9] Makes PGP sign-only mails very difficult (#2375)
Werner Koch
wk at gnupg.org
Wed Feb 6 13:50:23 CET 2019
[Please don't cross-post!]
On Tue, 5 Feb 2019 12:47, gnupg-users at gnupg.org said:
> THE DATE PROBLEM. Only the body of the email is signed, not the
> envelope headers, namely the subject and intended recipients, and
Sure, mail headers are subject to changes. For example by mailing list
software or simpluy by forwarding mail. Tehre is a reason that OpenPGP
signatures carry a creation date.
> THE STRIPPING PROBLEM. Currently, each attachment is signed separately
> and independently by the PGP-MIME standard. It would be preferable to
Nope. Please actually read RFC3156 and check compliant implementation -
All I known get it right.
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20190206/db199508/attachment-0001.sig>
More information about the Gnupg-users
mailing list