-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 03/12/2013 03:46 PM, Daniel Kahn Gillmor wrote: > Hi Enigmail folks-- > > The message i'm writing right now is not signed by me (please > inspect the source to verify). However, when viewed in enigmail, I > believe it will have a "Good signature" header if you already have > my key.
I do indeed already have your key. I'm not sure where from. Are you involved with sks? > > This is because i've attached another e-mail from me below, and > that e-mail itself is signed. that is, this message has a > message/rfc822 subpart that itself contains a PGP/MIME-signed > message. Confirmed. > > Using the enigmail UI, i see no way to distinguish which part of > the message is actually the signed part. It certainly doesn't highlight that the attachment is signed rather than the message body. > > This seems to be a serious message verification/authenticity > concern. If anyone is unclear on the risk and is willing to > volunteer, i'd be willing to craft a bogus message to you from your > own e-mail. just send me a PGP/MIME-signed message, and i'll send > you back a different message "from yourself" that appears to be > signed by you. I'm cc'ing you directly with this message. Let's play! -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJRQB5XAAoJELJhbl/uPb4Sx+UQALaHSNKJ1wHMSI2aFl0ZhJQR W9sY7mINLeqRUAdVLlkip8PNWIhW0ZDK8XcrXmOaWIUp6qFs7jL1P3BpdMGxeDzR B0SUPJT8AGd0yxQknKDJOVF3A/mA+xEkKMSZ6jV6gq1ZOeQtDW4x6LvEQ4b2nzS0 8TJONN7IaekgqO4oiiRcb6xqC2UBo4bMrh7HJ9u9Qza0sImYtjF1g/UiXXXNM7oM ymkckkcbTreZzF5iKK8695twQukauNuFybW+hSyzhye0SxFS02Hwn7NODPhG2GjA uxazDKNQhDBDY0DZgTat4/SrOwiJ2wUPvR4s7y2Hm446jVXDAYfAWwbXYcQ72BiT rDYghLmoiOHIpcJMQvUnQxeiQi5lU3GaE5xn0kiCGHmoL7CDomFuVLrXiITCmhRQ TTrwr9goP9sL21yWMOCf6q76kfQsgAT3GreB3AZ5JsqUHlrPJzCBjAh/vDsrHN5a rLiqY/hBwc9foqpN3I0YBGEXb4ctOocvPHUCen3yuVb95YIRvrKbxZ0lMz8Hxbrh YGhcIrDIHKAngWcWoSyEi3cTdO6P2v6vnucS47cgEdT5nySd2JSJEnly6dPQ4dAk s/tnnNGa2kCDiYF9EgLPpKFTM4LbJAD4POGj+kqD1lfYN2FCtw89tb3I0judxfYE HMi6zRD8U7VtFb9wLgKn =Lx/5 -----END PGP SIGNATURE----- _______________________________________________ enigmail-users mailing list enigmail-users@enigmail.net https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
