On 1/19/2009 10:19 PM, Taylor, Grant wrote:
I will play with forwarding an S/MIME signed / encrypted message and let you know what my MUAs (of choice) do with the message/rfc822 MIME body part.
I just sent my self an S/MIME signed message and then forwarded it as an attachment (message/rfc822). When I read the forwarded message in line (preview pane or opening the forwarding message) I can read the forwarded message, but it has no indication that the forwarded message is signed. I have to actually open the forwarded attached signed message in it's own window to have any indication if the signature is valid or not. Encrypted (as opposed to signed) messages behaved the same way. The same holds true for a forward of the forward of the original signed / encrypted message.
This means that it is possible to enclose a multipart/signed message as a message/rfc822 MIME part and have it successfully display. The only problem is that the attachments them selves would have to be opened (as opposed to viewing them inline) to have any indication if the signature is valid. Thus I think that Mailman (or any thing else doing similar types of operations) should attach the original signed message as a message/rfc822 MIME part *AND* sign it's own message including a textual note that the original message had a valid signature. This way, by the fact that the message that is received is signed (thus more or less trusted) and stating that the original message had a valid signature. Further if recipients want to verify this, they can open the attached message/rfc822 MIME part and verify for them selves.
At least this is how Thunderbird and Outlook Express behaves. Grant. . . . ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
