OT: Email signing

Michael H. Warfield mhw at WittsEnd.com
Tue Jan 31 20:32:22 UTC 2006 

On Tue, 2006-01-31 at 23:47 +1030, Tim wrote:
> On Mon, 2006-01-30 at 23:36 -0600, Arthur Pemberton wrote:
> > 1) Can I do both SMIME and PGP in my emails?

> I wouldn't think so.  A signature is added to a message as confirmation
> that the message hasn't been tampered with, therefore its based on the
> message contents.

> Conjecture, because adding a signature adds to the contents:  If you
> were to add one then the other, the first signature would try to
> proclaim the message to be okay.  The second signature added would try
> to proclaim the message with the first signature, in combination, to be
> okay.  But adding the second signature changed the message, so anyone
> trying only to use the first signature (because that's all that their
> client supported) would see the message had been changed (by the second
> signature).

	This message should be signed by both S/MIME and PGP, so, yes, it's
"possible".  In this case, the signatures do nest in a nested multipart
MIME hierarchy.  The message body is encoded quoted-printable in one
MIME part.  The encoded part is then signed and the signature is in
another MIME part.  That assemblage is nested in another MIME part which
is then S/MIME signed and that forms another MIME part.

        Message ----
                Mime S ----
                        Mime P ----
                                Body
                        Mime P ----
                                GPG signature on Body
                        Mime P ----
                Mime S ----
                        S/Mime Signature on Mime P
                Mime S ----
        Message ----

	Now, why anyone would want to do this, I don't know.  But it obviously
is possible and Evolution will, obviously, do it.  In theory, this
should work.  No guarantees about any and all clients being able to read
and verify it, however.  Evolution certainly handles it.  I've seen
enough compatibility problems between varying clients just withing pure
PGP/GPG and within pure S/MIME to have any expectations here.

	My S/MIME certificate is signed by the CACert.org, <www.cacert.org>,
root certificate.  Maybe we'll see who can verify either with what...

	Mike
-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471        | possible worlds.  A pessimist is sure of it!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 307 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20060131/7d5a0d79/attachment-0001.sig>

More information about the fedora-list mailing list