Re: problem using quoted printable encoding with gpg
On 2000-12-02 10:43:07 -0500, Sam Varshavchik wrote:

>>> Sendmail has been rewriting 8bit to quoted-printable content
>>> for decades, when relaying 8bit mail to 7bit-only relays.

>> First of all, sendmail has of course not done that "from the
>> beginning", since it's considerably older than MIME. That MIME

> Sorry to confuse you with facts, but the entire purpose behind
> sendmail's creation was to be able to push mail between widely
> dissimilar systems that used widely different mail formats.

Oh yes, of course, it has been rewriting 8bit to quoted-printable "for decades", which was your original claim - see above. You may wish to notice that quoted-printable hasn't been specified before the early nineties. Maybe you try to get _your_ facts straight.

> A small quote from the Oreilly book
> (http://www.bigmouse.net/literature/Oreilly/sendmail/prf1_02.htm):

>Responding to these and other changes, Eric evolved
>delivermail into sendmail. To ensure that messages transferred
>between networks would obey the conventions required by those
>networks, Eric took a "liberal" approach - modifying address
>information to conform, rather than rejecting it. At the time,
>for example, UUCP mail often had no headers at all, so
>sendmail had to create them from scratch.

> Facts can be a stubborn thing, heh? Sendmail has been rewriting
> messages for years -- yes, "from the beginning" -- even before
> MIME came into being. MIME is just a modern standard for
> rewriting mail in today's environment.

You may wish to notice that there is a difference between rewriting headers (which sendmail has been doing for a long time), and between messing around with the mail body.

>> rewriting stuff is a rather new invention,

> No it's not.

Of course not - when you rip things out of context.

> Anything that requires mail to be delivered from point A to point
> B with its headers intact is a completely broken protocol.

This is ridiculous. One could, just as well, argue that any protocol which isn't even able to transport messages without messing around with them is broken.

>>> Bottom line: RFC 1847 is broken. It breaks several decades'
>>> worth of established mail protocols and conventions.

>> This is nonsense. Please try getting a clue about e-mail
>> standards before you start coding.

> Well, then, Einstein, go ahead and code up a mail server, to show
> me how.

Why should I? There are nicely working MTAs which (1) don't ignore the relevant specifications and (2) whose authors do have a clue. Try looking at sendmail, postfix, or qmail for reference.

--
Thomas Roessler <[EMAIL PROTECTED]>
Re: problem using quoted printable encoding with gpg
On 2000-12-01 07:55:05 -0500, Sam Varshavchik wrote:

> Sendmail has been rewriting 8bit to quoted-printable content for
> decades, when relaying 8bit mail to 7bit-only relays. This
> involves rewriting both the headers and the actual content of the
> MIME section. Of course MTAs are free to rewrite both headers
> and contents. Sendmail was doing this right from the beginning.

First of all, sendmail has of course not done that "from the beginning", since it's considerably older than MIME. That MIME rewriting stuff is a rather new invention, and can arguably be considered a bad design.

> Interesting. RFC 1847 would seem to require the sending mail
> client to telepathically determine, in advance, whether all mail
> relays that will pass along this message, at some point in the
> future, will be capable of handling the message's chosen
> encoding.

RFC 1847 mandates very strict restrictions on the encodings to be used when sending multipart/signed (i.e., 7bit only), so this is not an issue. (But you could have easily found out about this yourself, just by reading that standard.)

> And, if the mail relay cannot accommodate the message's transfer
> encoding, there's no choice but to bounce the mail, because you
> can't rewrite it even though you technically can? Gee, what a
> "secure" concept.

Please, try reading and understanding the specifications before.

>> Please also note that this does not only affect PGP/MIME, but
>> S/MIME and MOSS as well.

> I must've imagined all the PGP-signed messages I've been sending
> all these years, with nary a problem.

Let me guess - you have never ever used S/MIME's multipart/signed, and you are using old-style PGP messages, right?

> Bottom line: RFC 1847 is broken. It breaks several decades'
> worth of established mail protocols and conventions.

This is nonsense. Please try getting a clue about e-mail standards before you start coding.

--
Thomas Roessler <[EMAIL PROTECTED]>
Re: problem using quoted printable encoding with gpg
Anand Buddhdev proclaimed on mutt-users that:

> Alright. So there's a problem. Maybe courier is wrong in doing what it
> does. Maybe the RFC is ambiguous. That still leaves me with the problem of
> sending PGP signed messages which are unverifiable. Does anyone have any
> solutions for me?

Install sendmail / postfix / exim or whatever?

--
Suresh Ramasubramanian + Wallopus Malletus Indigenensis
mallet @ cluestick.org + Lumber Cartel of India, tinlcI
Absence makes the heart grow fonder -- of somebody else.
Re: problem using quoted printable encoding with gpg
On Thu, Nov 30, 2000 at 02:31:27PM +, David Ellement wrote:

> > Now, this entire MIME body part is encrypted/signed, and eventually
> > put into some more MIME sugar. Here, PGP only ever touches us-ascii
> > text (with which it deals nicely); the actual character set
> > conversions are left to the software which interprets the inner MIME
> > layers.
>
> Which leaves two possibilities:
>
> - The author of courier is mistaken
> - The relevant standards are ambiguous

Alright. So there's a problem. Maybe courier is wrong in doing what it does. Maybe the RFC is ambiguous. That still leaves me with the problem of sending PGP signed messages which are unverifiable. Does anyone have any solutions for me?

--
Anand
Re: problem using quoted printable encoding with gpg
On 2000-11-30 18:32:42 +0100, Anand Buddhdev wrote:

> Now I'm not an expert on MIME and PGP, so I don't know who's at
> fault here. The author of the MTA I use (courier) says that MTAs
> are free to rewrite headers as necessary, while obviously it's
> causing a problem for me. I also realise that it's not really a
> mutt issue at all, so I will not pursue this issue on the mutt
> list anymore.

While MTAs are indeed free to rewrite headers as long as they are not corrupted, they are _not_ free to rewrite bodies. Technically, nested MIME headers are part of the body, and _not_ part of the header. See also RFC 1847:

    The entire contents of the multipart/signed container must be
    treated as opaque while it is in transit from an originator to a
    recipient. Intermediate message transfer agents must not alter the
    content of a multipart/signed in any way, including, but not
    limited to, changing the content transfer encoding of the body
    part or any of its encapsulated body parts.

Please also note that this does not only affect PGP/MIME, but S/MIME and MOSS as well.

--
Thomas Roessler <[EMAIL PROTECTED]>
Re: problem using quoted printable encoding with gpg
On 001130, at 18:32:42, Anand Buddhdev wrote:
> Ok. I've done some more digging. After I send a signed message, I can
> verify the fcc copy. However, I can't verify the cc: copy, and also,
> the recipient can't verify the copy he receives. I've traced it down to
> the following:
>
> The boundary is different because the MTA has re-written
> it. Also notice that the order of the Content-Disposition and the
> Content-Transfer-Encoding headers is different. If I now manually edit
> the Cc: copy (and the recipient also modifies his copy) to make the
> order of the headers the same as the original message, THEN the message
> signature verifies correctly.
>
> Now I'm not an expert on MIME and PGP, so I don't know who's at fault
> here. The author of the MTA I use (courier) says that MTAs are free to
> rewrite headers as necessary, while obviously it's causing a problem
> for me. I also realise that it's not really a mutt issue at all, so I
> will not pursue this issue on the mutt list anymore.

A few weeks ago, Thomas Roessler explained how PGP/MIME works:

> On 2000-10-03 01:45:02 +0300, Eugene Paskevich wrote:
>
> > Can you explain what do you mean? app/pgp is Content-Type;
> > but what is PGP/MIME? And is it the way decide my problem?
>
> PGP/MIME is what mutt uses to send pgp-encrypted and -signed
> messages. The idea is basically this: You take the message, then
> MIME-encode it entirely. The result looks like this (for example):
>
> Content-Type: text/plain; charset=iso-8859-1
> Content-Transfer-Encoding: quoted-printable
>
> This attachment contains umlauts: =E4=F6=FC=DF
>
> Now, this entire MIME body part is encrypted/signed, and eventually
> put into some more MIME sugar. Here, PGP only ever touches us-ascii
> text (with which it deals nicely); the actual character set
> conversions are left to the software which interprets the inner MIME
> layers.

Which leaves two possibilities:

- The author of courier is mistaken
- The relevant standards are ambiguous

--
David Ellement <[EMAIL PROTECTED]>
Re: problem using quoted printable encoding with gpg
On Mon, Nov 27, 2000 at 11:40:35PM -0800, David Ellement wrote:

[ Background: I was having trouble verifying PGP signatures within mutt. I thought it might have been a mutt issue, and asked on the mutt list. Now I think it is a courier issue, hence the Cc: to Sam Varshavchik ]

> Perhaps you would trigger a little more response if you could identify which
> copy of the message are you unable to verify:
>
> - a copy of the message received by the recipient?
> - a copy of the message you received as a cc:/bcc: copy?
> - a copy saved by mutt as the fcc copy?

Ok. I've done some more digging. After I send a signed message, I can verify the fcc copy. However, I can't verify the cc: copy, and also, the recipient can't verify the copy he receives. I've traced it down to the following:

In my Fcc copy of the message, the message content with headers is as follows:

--Kj7319i9nmIyA2yE
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

test
--=20
Anand
--Kj7319i9nmIyA2yE

In my cc: copy of the message, and in the recipient's copy, this is how the message content looks:

--=_18425-975598711-1-2
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

test
--=20
Anand
--=_18425-975598711-1-2

The boundary is different because the MTA has re-written it. Also notice that the order of the Content-Disposition and the Content-Transfer-Encoding headers is different. If I now manually edit the Cc: copy (and the recipient also modifies his copy) to make the order of the headers the same as the original message, THEN the message signature verifies correctly.

Now I'm not an expert on MIME and PGP, so I don't know who's at fault here. The author of the MTA I use (courier) says that MTAs are free to rewrite headers as necessary, while obviously it's causing a problem for me. I also realise that it's not really a mutt issue at all, so I will not pursue this issue on the mutt list anymore.

Sam, any comments?

--
Anand
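Why the header reordering breaks verification while the boundary rewrite does not, as an added example that is not part of the original thread: a multipart/signed signature covers the first body part including its nested MIME headers, but not the boundary lines. SHA-256 stands in here for the hash inside the OpenPGP signature, and the function names are made up for the illustration.

```python
import hashlib

# Transcribed from the two copies in the message above (constructed sample input).
FCC_COPY = """\
--Kj7319i9nmIyA2yE
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

test
--=20
Anand
--Kj7319i9nmIyA2yE
"""
CC_COPY = """\
--=_18425-975598711-1-2
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

test
--=20
Anand
--=_18425-975598711-1-2
"""

def part_lines(raw):
    """Lines of the signed body part: MIME headers + body, boundaries excluded."""
    lines = raw.splitlines()
    return lines[1:lines.index(lines[0], 1)]

def digest(lines):
    # Signed data uses CRLF line ends; SHA-256 stands in for the signature hash.
    return hashlib.sha256("\r\n".join(lines).encode("ascii")).hexdigest()

def reorder_like(lines, reference):
    """Put the part's headers in the reference copy's order (no folded headers)."""
    by_name = {h.split(":")[0].lower(): h for h in lines[:lines.index("")]}
    order = [h.split(":")[0].lower() for h in reference[:reference.index("")]]
    return [by_name[n] for n in order] + lines[lines.index(""):]

def compare():
    fcc, cc = part_lines(FCC_COPY), part_lines(CC_COPY)
    return {"as_relayed": digest(fcc) == digest(cc),
            "headers_restored": digest(fcc) == digest(reorder_like(cc, fcc)),
            "body_unchanged": fcc[fcc.index(""):] == cc[cc.index(""):]}

print(compare())
```

The relayed copy hashes differently although its body text is unchanged, and the digests match again once the header order is restored, which is the manual edit described in the message.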
Re: problem using quoted printable encoding with gpg
On 001127, at 18:15:42, Anand Buddhdev wrote:
> On Mon, Nov 27, 2000 at 04:46:47AM +0200, [EMAIL PROTECTED] wrote:
>
> > Anand Buddhdev wrote:
> > : If I send a message with mutt 1.2, and sign it with gpg 1.0.4, and if the
> > : message has no quoted printable encoding, then the recipient, also using
> > : 1.2 and gpg 1.0.4, can verify the signature.
> > :
> > : However, if I send the same message with quoted-printable encoding turned
> > : on, then the recipient CANNOT verify the signature.
> >
> > Can you verify this message?
>
> I cannot verify the message.
>
> > Can your recipient verify this message?
>
> My recipient cannot verify the message.
>
> ...
> Odd thing is, nobody is saying anything on this matter, not even the
> developers. It's as if my message is being ignored completely.

Perhaps you would trigger a little more response if you could identify which copy of the message are you unable to verify:

- a copy of the message received by the recipient?
- a copy of the message you received as a cc:/bcc: copy?
- a copy saved by mutt as the fcc copy?

--
David Ellement
Re: problem using quoted printable encoding with gpg
Anand Buddhdev wrote:
: On Mon, Nov 27, 2000 at 04:46:47AM +0200, [EMAIL PROTECTED] wrote:
: > Can you verify this message?
:
: I cannot verify the message.
:
: > Can your recipient verify this message?
:
: My recipient cannot verify the message.
:
: > Do you or your recipient use some proxy that decodes/encodes/recodes
: > quoted-printable (and/or any other) MIME-formed messages?
:
: No. We both use mutt 1.2 with gpg 1.0.4 with the standard options - no
: weird things in the .muttrc

[expression on] Brrr!!! Magic! Black magic!!! [expression off]

Can you send me the .muttrc, Muttrc, gpg.rc and ~/.gnupg/options used by you? _Without_ private information of course, replace it by some garbage. (I never use the 1.2 version and therefore don't know what the standard settings are for this branch).

IMHO 90% that the bug is somewhere in the configuration -- you are the first who has this behavior.

Yet another possibility/question -- do you have some rules in .procmailrc for patching application/pgp and similar?

--
Andrew W. Nosenko ([EMAIL PROTECTED])
Re: problem using quoted printable encoding with gpg
On Mon, Nov 27, 2000 at 04:46:47AM +0200, [EMAIL PROTECTED] wrote:

> Anand Buddhdev wrote:
> : If I send a message with mutt 1.2, and sign it with gpg 1.0.4, and if the
> : message has no quoted printable encoding, then the recipient, also using
> : 1.2 and gpg 1.0.4, can verify the signature.
> :
> : However, if I send the same message with quoted-printable encoding turned
> : on, then the recipient CANNOT verify the signature.
>
> Can you verify this message?

I cannot verify the message.

> Can your recipient verify this message?

My recipient cannot verify the message.

> Do you or your recipient use some proxy that decodes/encodes/recodes
> quoted-printable (and/or any other) MIME-formed messages?

No. We both use mutt 1.2 with gpg 1.0.4 with the standard options - no weird things in the .muttrc

> : For now, I have turned off the pgp_strict_enc variable in my muttrc,
> : but it's only a work-around. There has to be a proper solution.
>
> You're right -- this is not a proper solution at all.

Odd thing is, nobody is saying anything on this matter, not even the developers. It's as if my message is being ignored completely.

--
Anand
Re: problem using quoted printable encoding with gpg
Anand Buddhdev wrote:
: If I send a message with mutt 1.2, and sign it with gpg 1.0.4, and if the
: message has no quoted printable encoding, then the recipient, also using
: 1.2 and gpg 1.0.4, can verify the signature.
:
: However, if I send the same message with quoted-printable encoding turned
: on, then the recipient CANNOT verify the signature.

Can you verify this message?

Can your recipient verify this message?

Do you or your recipient use some proxy that decodes/encodes/recodes quoted-printable (and/or any other) MIME-formed messages?

: For now, I have turned off the pgp_strict_enc variable in my muttrc,
: but it's only a work-around. There has to be a proper solution.

You're right -- this is not a proper solution at all.

--
Andrew W. Nosenko ([EMAIL PROTECTED])