-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 15.03.13 15:47, Daniel Kahn Gillmor wrote:
> On 03/15/2013 03:48 AM, Patrick Brunschwig wrote:
>> On 15.03.13 07:32, Daniel Kahn Gillmor wrote:
>>> On 03/15/2013 02:20 AM, Daniel Kahn Gillmor wrote:
>>>> I'm signing this message using S/MIME, out of curiosity to
>>>> see what it does after the mailman footer is appended.
>> 
>>> OK, i've checked this out now, and Thunderbird silently
>>> ignores all S/MIME signatures unless the entire message itself
>>> is S/MIME-signed. (that is, the top level Content-Type needs to
>>> be multipart/signed)
>> 
>> I get a "red" signature indicator from your message (which means 
>> signature invalid).
> 
> You get this for Message-ID: 5142bda8.6000...@fifthhorseman.net ?
> does it have the enigmail-users mailman footer in your copy?  If
> so, i'm interested in figuring out what is different between your
> version of thunderbird and mine.  I wouldn't expect to see any
> evaluation of the signature in question.


I just noticed that you sent the message directly to me, i.e. I did
not get it from mailman. Mailman seems to be clever enough to not send
me the message if I'm already in the To or Cc list. This explains why
I get a signature indication and you don't.

>> I personally think that the best compromise is to display the
>> status as we do now, but prefix it with something like "only a
>> part of the message is signed". I'd love to hear other opinions
>> though.
> 
> just brainstorming: there's also the inline-pgp approach, which
> brackets the signed part with lines like:
> 
> ********* *BEGIN ENCRYPTED or SIGNED PART* *********
> 
> Patrick Brunschwig did not write this.
> 
> ********** *END ENCRYPTED or SIGNED PART* **********
> 
> But this is itself spoofable, because messages can contain these
> strings (e.g. which part of this message was actually signed by
> Patrick?)

Right. And in addition, this approach does not work for PGP/MIME
messages, as you cannot put this around attachments. I don't think
that the current Thunderbird UI is suited to marking partially signed
messages correctly.

- -Patrick
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

-----END PGP SIGNATURE-----

_______________________________________________
enigmail-users mailing list
enigmail-users@enigmail.net
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
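
The "only a part of the message is signed" case discussed in this thread can be detected from the MIME structure alone. The following is an added example, not Enigmail or Thunderbird code: it classifies a message by where its multipart/signed part sits and lists the leaf parts no signature covers. It does not verify any signature, and the sample messages are constructed, assuming the list wraps the signed entity in multipart/mixed and appends a text/plain footer.

```python
from email import message_from_string, policy

def signed_coverage(raw):
    """Return (status, unsigned_leaf_types) for a raw message string.

    'whole'   : top-level Content-Type is multipart/signed
    'partial' : a multipart/signed part exists, but nested below the top
    'none'    : no multipart/signed part at all
    """
    msg = message_from_string(raw, policy=policy.default)
    if msg.get_content_type() == "multipart/signed":
        return "whole", []
    found, unsigned = False, []

    def walk(part):
        nonlocal found
        if part.get_content_type() == "multipart/signed":
            found = True  # everything below is inside the signed entity
        elif part.is_multipart():
            for child in part.iter_parts():
                walk(child)
        else:
            unsigned.append(part.get_content_type())

    walk(msg)
    return ("partial" if found else "none"), unsigned

# Constructed samples: signature bytes are a placeholder, not a real signature.
HEADERS = "From: a@example.org\nSubject: test\nMIME-Version: 1.0\n"
SIGNED_ENTITY = (
    'Content-Type: multipart/signed; protocol="application/pkcs7-signature";\n'
    ' micalg=sha-256; boundary="sig"\n\n'
    "--sig\nContent-Type: text/plain\n\nsigned body\n"
    '--sig\nContent-Type: application/pkcs7-signature; name="smime.p7s"\n\n'
    "PLACEHOLDER\n--sig--\n"
)
DIRECT = HEADERS + SIGNED_ENTITY  # copy sent straight to a To/Cc recipient
VIA_LIST = (                      # copy after the list appended its footer
    HEADERS + 'Content-Type: multipart/mixed; boundary="mm"\n\n'
    "--mm\n" + SIGNED_ENTITY +
    "--mm\nContent-Type: text/plain\n\nlist footer\n--mm--\n"
)

if __name__ == "__main__":
    for name, raw in (("direct", DIRECT), ("via list", VIA_LIST)):
        print(name, signed_coverage(raw))
```

A mail client could use the list of unsigned leaf types to decide which parts to mark as not covered by the signature.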
