-----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160
Exactly, Bryan.
And I still maintain that it is significantly more bother to the list to have the same thread repeatedly quoted with an ever- increasing amount of >'s than the 5-8 added lines of PGP code–but that's just my own opinion.
Avi
On Sun, Jun 1, 2008 at 12:14 PM, wikien-l-request@lists.wikimedia.org wrote:
---------- Forwarded message ---------- From: Bryan Derksen bryan.derksen@shaw.ca To: English Wikipedia wikien-l@lists.wikimedia.org Date: Sun, 01 Jun 2008 10:01:47 -0600 Subject: Re: [WikiEN-l] -----BEGIN PGP SIGNED MESSAGE-----?
PGP needs that line at the top to indicate where the verified text begins. If PGP doesn't check exactly the same chunk of text that was signed it'll fail to verify, sort of like how earlier in this thread someone was complaining about a mail client that had added a single space to an encrypted block of text which resulted in the whole message being broken.
On 01/06/2008, Avi avi.wiki@gmail.com wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160
Exactly, Bryan.
And I still maintain that it is significantly more bother to the list to have the same thread repeatedly quoted with an ever- increasing amount of >'s than the 5-8 added lines of PGP code–but that's just my own opinion.
Of course it is, but it's also more of a bother to be murdered by a mad axeman on your way home. Just because there exists something worse doesn't mean we shouldn't do anything about it.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Thomas Dalton wrote:
Of course it is, but it's also more of a bother to be murdered by a mad axeman on your way home. Just because there exists something worse doesn't mean we shouldn't do anything about it.
I don't think anything needs to be done about PGP signatures. I like verifiability. I prefer it. I can prove that my message is uncorrupted and I can prove that I am who I am.
Best, Jon
Touché; well played 8-)
--Avi
On Sun, Jun 1, 2008 at 1:49 PM, Thomas Dalton thomas.dalton@gmail.com wrote:
Of course it is, but it's also more of a bother to be murdered by a mad axeman on your way home. Just because there exists something worse doesn't mean we shouldn't do anything about it.
I seem to recall once experimenting with placing the PGP signature into an email header field where it does not impinge on the content. Sadly I don't think there are standard or reliable ways of doing this that are guaranteed to be transmitted by every potential email transport (much less the archiving systems in which most mailing list content ends up). For the same reason, there are probably few email systems capable of producing or interpreting such signatures. Perhaps there are systems based on placing the body into an appropriate MIME envelope, but if so they can't be in very wide use.
On Tue, 2008-06-03 at 00:31 +0100, Tony Sidaway wrote:
systems capable of producing or interpreting such signatures. Perhaps there are systems based on placing the body into an appropriate MIME envelope, but if so they can't be in very wide use.
*Point to this email*
KTC
2008/6/3 Kwan Ting Chan ktc@ktchan.info:
On Tue, 2008-06-03 at 00:31 +0100, Tony Sidaway wrote:
systems capable of producing or interpreting such signatures. Perhaps there are systems based on placing the body into an appropriate MIME envelope, but if so they can't be in very wide use.
*Point to this email*
Very good! What email client software do you use?
On Tue, 2008-06-03 at 17:40 +0100, Tony Sidaway wrote:
2008/6/3 Kwan Ting Chan ktc@ktchan.info:
On Tue, 2008-06-03 at 00:31 +0100, Tony Sidaway wrote:
systems capable of producing or interpreting such signatures. Perhaps there are systems based on placing the body into an appropriate MIME envelope, but if so they can't be in very wide use.
*Point to this email*
Very good! What email client software do you use?
It's OpenPGP/MIME rather than base OpenPGP.
Both have advantages & disadvantages, and both are supported by major email client softwares (possibly with the aid of plugins / extensions).
KTC
On 03/06/2008, Tony Sidaway tonysidaway@gmail.com wrote:
I seem to recall once experimenting with placing the PGP signature into an email header field where it does not impinge on the content. Sadly I don't think there are standard or reliable ways of doing this that are guaranteed to be transmitted by every potential email transport (much less the archiving systems in which most mailing list content ends up). For the same reason, there are probably few email systems capable of producing or interpreting such signatures. Perhaps there are systems based on placing the body into an appropriate MIME envelope, but if so they can't be in very wide use.
I don't understand why you need the line at the top - just take the beginning of the email to be the beginning of the email, like any normal person... Do email clients and transports ever change the top of an email? I know they add things to the bottom, but I can't remember ever seeing something added to the top.
Also, signatures should be separated from the email by "-- " and a new line. Please at least follow the standards...
On Tue, Jun 3, 2008 at 9:11 AM, Thomas Dalton thomas.dalton@gmail.com wrote:
On 03/06/2008, Tony Sidaway tonysidaway@gmail.com wrote:
I seem to recall once experimenting with placing the PGP signature into an email header field where it does not impinge on the content. Sadly I don't think there are standard or reliable ways of doing this that are guaranteed to be transmitted by every potential email transport (much less the archiving systems in which most mailing list content ends up). For the same reason, there are probably few email systems capable of producing or interpreting such signatures. Perhaps there are systems based on placing the body into an appropriate MIME envelope, but if so they can't be in very wide use.
I don't understand why you need the line at the top - just take the beginning of the email to be the beginning of the email, like any normal person... Do email clients and transports ever change the top of an email? I know they add things to the bottom, but I can't remember ever seeing something added to the top.
The top line is needed because a PGP-signed message may not actually be the whole body of an email -- it may not even be in an email. If you have an issue with the way signatures are implemented then I suggest you complain to the OpenPGP community. There is little this list can do about it.
Also, signatures are implemented as a private-key signed message digest. The header specifies the digest algorithm used, and if the verifier is operating in stream mode (e.g. it cannot seek) then placing this information in the footer would make the message unverifiable.