On Tue, Jun 3, 2008 at 9:11 AM, Thomas Dalton thomas.dalton@gmail.com wrote:
On 03/06/2008, Tony Sidaway tonysidaway@gmail.com wrote:
I seem to recall once experimenting with placing the PGP signature into an email header field where it does not impinge on the content. Sadly I don't think there are standard or reliable ways of doing this that are guaranteed to be transmitted by every potential email transport (much less the archiving systems in which most mailing list content ends up). For the same reason, there are probably few email systems capable of producing or interpreting such signatures. Perhaps there are systems based on placing the body into an appropriate MIME envelope, but if so they can't be in very wide use.
I don't understand why you need the line at the top - just take the beginning of the email to be the beginning of the email, like any normal person... Do email clients and transports ever change the top of an email? I know they add things to the bottom, but I can't remember ever seeing something added to the top.
The top line is needed because a PGP-signed message may not actually be the whole body of an email -- it may not even be in an email. If you have an issue with the way signatures are implemented then I suggest you complain to the OpenPGP community. There is little this list can do about it.
Also, signatures are implemented as a private-key signed message digest. The header specifies the digest algorithm used, and if the verifier is operating in stream mode (e.g. it cannot seek) then placing this information in the footer would make the message unverifiable.