[prev in list] [next in list] [prev in thread] [next in thread] 

List:       exmh-users
Subject:    Re: On PGP bug, again :-(
From:       Ben Escoto <benscott () mcs ! net>
Date:       1997-08-29 4:25:21
[Download RAW message or body]


>>>>> "Michele" == Michele Bini <mbini@dada.it>
>>>>> wrote the following on Thu, 28 Aug 1997 16:01:18 +0200

  Michele> Again, this is PGP that automatically turns off text mode
  Michele> when it processes what it believes to be binary data (I'm
  Michele> going to think that PGP tries to be too smart).

	This makes sense.  Perhaps the solution is not to use text
mode when signing.  I think the Mew author took this approach,
probably with good reason.

	There are some other recommended steps that exmh does not
take.  For instance, if a line ends in spaces, it is recommended that
the message be quotable/printable encoded for added safety.

  Michele> Anyway, I don't really understand why PGP text mode causes
  Michele> problems: if PGP believes that the message is binary then
  Michele> it will both check and verify in binary mode, and the
  Michele> signature should be fine.

	I'm not sure if verification is done in text mode or not, but
it wouldn't matter - by unix convention, lines end in LF only, while
the PGP/MIME standard requires them to end in CRLF.

	If a message is signed in text mode, the signature is computed
as if all the lines ended in CRLF.  When exmh checks a signature, it
inserts a CR in each line before checking.  If you signed in binary,
the CR's would be specifically absent, and would not match the
reconstructed signed text.


--
Ben Escoto
PGP/MIME mail welcome - finger bescoto@leland.stanford.edu for key


[Attachment #3 (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]