OT: Email signing
Michael H. Warfield
mhw at WittsEnd.com
Tue Jan 31 20:43:37 UTC 2006
I guess it would have helped if I had actually flipped the S/MIME bit
BEFORE hitting send. The previous message did not have the S/MIME
signature. This one should. :-( I doubled checked it this time...
Mike
On Tue, 2006-01-31 at 15:32 -0500, Michael H. Warfield wrote:
> On Tue, 2006-01-31 at 23:47 +1030, Tim wrote:
> > On Mon, 2006-01-30 at 23:36 -0600, Arthur Pemberton wrote:
> > > 1) Can I do both SMIME and PGP in my emails?
>
> > I wouldn't think so. A signature is added to a message as confirmation
> > that the message hasn't been tampered with, therefore its based on the
> > message contents.
>
> > Conjecture, because adding a signature adds to the contents: If you
> > were to add one then the other, the first signature would try to
> > proclaim the message to be okay. The second signature added would try
> > to proclaim the message with the first signature, in combination, to be
> > okay. But adding the second signature changed the message, so anyone
> > trying only to use the first signature (because that's all that their
> > client supported) would see the message had been changed (by the second
> > signature).
>
> This message should be signed by both S/MIME and PGP, so, yes, it's
> "possible". In this case, the signatures do nest in a nested multipart
> MIME hierarchy. The message body is encoded quoted-printable in one
> MIME part. The encoded part is then signed and the signature is in
> another MIME part. That assemblage is nested in another MIME part which
> is then S/MIME signed and that forms another MIME part.
>
> Message ----
> Mime S ----
> Mime P ----
> Body
> Mime P ----
> GPG signature on Body
> Mime P ----
> Mime S ----
> S/Mime Signature on Mime P
> Mime S ----
> Message ----
>
> Now, why anyone would want to do this, I don't know. But it obviously
> is possible and Evolution will, obviously, do it. In theory, this
> should work. No guarantees about any and all clients being able to read
> and verify it, however. Evolution certainly handles it. I've seen
> enough compatibility problems between varying clients just withing pure
> PGP/GPG and within pure S/MIME to have any expectations here.
>
> My S/MIME certificate is signed by the CACert.org, <www.cacert.org>,
> root certificate. Maybe we'll see who can verify either with what...
>
> Mike
> --
> fedora-list mailing list
> fedora-list at redhat.com
> To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
--
Michael H. Warfield (AI4NB) | (770) 985-6132 | mhw at WittsEnd.com
/\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 307 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20060131/fe8963b7/attachment-0001.sig>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 1848 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20060131/fe8963b7/attachment-0001.bin>
More information about the fedora-list
mailing list