GPG support in Mahogany

Adrian 'Dagurashibanipal' von Bidder avbidder@fortytwo.ch
Tue Dec 10 18:50:03 2002


On Tue, 2002-12-10 at 17:45, Xavier Nodet wrote:
> On Tue, 10 Dec 2002 16:44:37 +0100 Johan Almqvist <johan-gnupg@almqvist.net> wrote:
>
> > * Xavier Nodet <xavier.nodet@free.fr> [021210 16:25]:
> >
> >> When a message is signed, we should verify that the 'From:' header
> >> actually matches one of the IDs of the signing key.
>
> > Would your method see the signature attached to this message as valid?
>
> No, but as I noticed while answering Michael Nahrath, either the key is
> trusted, or it is not. There is not much to get from checking the
> headers.

Depending on how it is displayed, it would close some loopholes for
inattentive users. What I'd wish for in a MUA is that there is a clear
display of which data is trusted and which is not.

With OpenPGP/MIME (like this mail), it would be possible to repeat the
To, From, Subject (and similar) headers in the (signed) MIME headers of
the first MIME part (the one with the content), and copy them back (if
present) upon message receipt. So, headers would be fully preserved.

cheers
-- vbi

-- 
this email is protected by a digital signature:  http://fortytwo.ch/gpg

NOTE: keyserver bugs! get my key here: https://fortytwo.ch/gpg/92082481

Signature policy: http://fortytwo.ch/legal/gpg/email.20020822
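
Added example (not part of the original message and not Mahogany code): a receiving-side sketch of the two checks discussed in this thread, comparing the displayed headers with the copies repeated inside the signed first MIME part, and comparing the From address with the user IDs of the signing key. It assumes the signature over the first part has already been verified elsewhere; audit_headers, PROTECTED and SAMPLE are hypothetical names, and the sample message is constructed.

```python
from email import message_from_string
from email.utils import parseaddr

PROTECTED = ("From", "To", "Subject")  # headers the sender repeats in the signed part

# Constructed sample: outer headers are unsigned, the first MIME part is signed.
SAMPLE = """\
From: {outer_from}
To: list@example.org
Subject: Re: GPG support
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pgp-signature"; boundary="b1"

--b1
Content-Type: text/plain
From: Alice <alice@example.org>
To: list@example.org

body text
--b1
Content-Type: application/pgp-signature

(constructed placeholder, not a real signature)
--b1--
"""

def audit_headers(raw, key_uids):
    """Classify each displayed header as signed, unsigned or mismatch.

    Assumption: the caller already verified the signature over the first
    MIME part and passes the user IDs of the signing key in key_uids.
    """
    msg = message_from_string(raw)
    if msg.get_content_type() != "multipart/signed":
        raise ValueError("not an OpenPGP/MIME signed message")
    signed_part = msg.get_payload(0)
    report = {}
    for name in PROTECTED:
        outer, inner = msg.get(name), signed_part.get(name)
        if inner is None:
            report[name] = "unsigned"      # nothing vouches for this header
        elif outer is not None and outer.strip() == inner.strip():
            report[name] = "signed"
        else:
            report[name] = "mismatch"      # outer copy differs from signed copy
    # Prefer the signed copy of From, then compare it with the key's user IDs.
    sender = parseaddr(signed_part.get("From") or msg.get("From", ""))[1].lower()
    uid_addrs = {parseaddr(uid)[1].lower() for uid in key_uids}
    report["from_matches_key"] = bool(sender) and sender in uid_addrs
    return report
```

A mail client could use such a report to mark each displayed header as covered by the signature or not.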