EICS proposal

[Ingo Klöcker]

--Boundary-02=_s1vP+oDfWvxkcjS
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Description: signed data
Content-Disposition: inline

On Monday 03 February 2003 17:25, greg@turnstep.com wrote:
> I've been wrestling around with the problem of representing external
> information inside of a signed email message, and would like
> feedback on a possible solution. The problem is that I can sign
> the content of this message, but cannot easily sign other information
> associated with it, such as the fact that I sent it to the
> gnupg-users list, the email address I sent it from, and the subject
> line I used. The solution I came up with is to use a standardized
> checksum and a small code within the signed message that a mail
> program can use to verify the external information. This message has
> such a code: if you generate a SHA1 checksum on the "From", "To", and
> "Subject" line of this email, it should match the code below. Full
> details:
>
> http://www.gtsm.com/eics.html

=46orget it. The contents of the From and the To headers is not guaranteed=
=20
to be transfered unchanged. For example many MTAs convert the email=20
addresses into a canonical format (by moving all comments to the end,=20
etc.). This will of course break your checksum.

The only way to achieve what you want to do is to do what Adrian already=20
proposed, namely to repeat the relevant headers in the message body.

Regards,
Ingo


--Boundary-02=_s1vP+oDfWvxkcjS
Content-Type: application/pgp-signature
Content-Description: signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQA+Pv1sGnR+RTDgudgRAmpTAKDGqcwYZq80URQcwo6hrCebpU+9fgCeKvqX
MyelOd6npt1I3vFBaLKfPmQ=
=BEX4
-----END PGP SIGNATURE-----

--Boundary-02=_s1vP+oDfWvxkcjS--