[k9mail/k-9] Makes PGP sign-only mails very difficult (#2375)

Werner Koch wk at gnupg.org
Wed Feb 6 13:50:23 CET 2019

[Please don't cross-post!]

On Tue,  5 Feb 2019 12:47, gnupg-users at gnupg.org said:

> THE DATE PROBLEM. Only the body of the email is signed, not the
> envelope headers, namely the subject and intended recipients, and

Sure, mail headers are subject to changes.  For example by mailing list
software or simpluy by forwarding mail.  Tehre is a reason that OpenPGP
signatures carry a creation date.

> THE STRIPPING PROBLEM. Currently, each attachment is signed separately
> and independently by the PGP-MIME standard. It would be preferable to

Nope.  Please actually read RFC3156 and check compliant implementation -
All I known get it right.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20190206/db199508/attachment-0001.sig>

More information about the Gnupg-users mailing list