-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
On 27 Jan 2011, at 17:52, Charly Avital wrote: > Andrew Long wrote the following on 1/27/11 12:11 PM: >>> By "remain unverifiable", do you mean that the signature is bad? >> >> Exactly. The exact failure is 'no signature creation date available' > > That's how GPGMail defines (usually) a signature. > >> All four mails have arrived and verified successfully. The common factor >> seems to be that mail sent directly to me can be verified as a good >> signature regardless of the signature, whilst mail coing from the list will >> only verify as good if the signature is in-line, or as part of an encrypted >> message. > > Then it is possible that the different mail servers, including the > list's mail server mangle somehow the attachment to the e-mail, that is > the signature. >> >> For my next trick, I shall post a small, openPGP/MIME signed message both to >> the list and directly to myself. I'll then be able to compare what I sent to >> both versions of what I receive. > > I received your two messages posted to the list, they both verified OK. > > Charly > Well, I didn't... I received the in-line signed ones OK, as expected. However, both the direct (through Yahoo) and the list posting both exhibited bad signatures. I've done diff's on the outgoing message (from my 'sent' mailbox) and both the incoming mails. The actual body text and the signature blocks are identical. However, the mime-contet headers have been mangled; what got sent out was all on one line, while what came in had newline whitespace inserted between parameter values (which I believe is allowed by the MIME specification) So does gpg include the MIME content headers in what is signed? I believe it doe, as a test mail that I sent out yesterday (only to myself, not to the list), came back in with the mime-content headers unchanged and verified OK (the outgoing mail had broken the headers itself, unlike the mail today) Regards, Andy - -- Andrew Long andrew dot long at mac dot com -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) iF4EAREIAAYFAk1BvKMACgkQRL8D6wymVNb9pwD/Slsh4oF5Hd1LsQncLzfKXxQd itLk3ivfzNIwlwrRHfIBAJ+LwLQ/JTaI/aJjNnB/wG00Y7LwwzYMJ2KKFgSmmVor =1cKq -----END PGP SIGNATURE----- _______________________________________________ gpgtools-users mailing list [email protected] FAQ: http://www.gpgtools.org/faq.html Changes: http://lists.gpgtools.org/mailman/listinfo/gpgtools-users Unsubscribe: http://lists.gpgtools.org/mailman/options/gpgtools-users/[email protected]?unsub=Unsubscribe&unsubconfirm=1 This email sent to: [email protected]
