OT: Email signing

Michael H. Warfield mhw at WittsEnd.com
Tue Jan 31 20:43:37 UTC 2006 

I guess it would have helped if I had actually flipped the S/MIME bit
BEFORE hitting send.  The previous message did not have the S/MIME
signature.  This one should.  :-(  I doubled checked it this time...

	Mike

On Tue, 2006-01-31 at 15:32 -0500, Michael H. Warfield wrote:
> On Tue, 2006-01-31 at 23:47 +1030, Tim wrote:
> > On Mon, 2006-01-30 at 23:36 -0600, Arthur Pemberton wrote:
> > > 1) Can I do both SMIME and PGP in my emails?
> 
> > I wouldn't think so.  A signature is added to a message as confirmation
> > that the message hasn't been tampered with, therefore its based on the
> > message contents.
> 
> > Conjecture, because adding a signature adds to the contents:  If you
> > were to add one then the other, the first signature would try to
> > proclaim the message to be okay.  The second signature added would try
> > to proclaim the message with the first signature, in combination, to be
> > okay.  But adding the second signature changed the message, so anyone
> > trying only to use the first signature (because that's all that their
> > client supported) would see the message had been changed (by the second
> > signature).
> 
> 	This message should be signed by both S/MIME and PGP, so, yes, it's
> "possible".  In this case, the signatures do nest in a nested multipart
> MIME hierarchy.  The message body is encoded quoted-printable in one
> MIME part.  The encoded part is then signed and the signature is in
> another MIME part.  That assemblage is nested in another MIME part which
> is then S/MIME signed and that forms another MIME part.
> 
>         Message ----
>                 Mime S ----
>                         Mime P ----
>                                 Body
>                         Mime P ----
>                                 GPG signature on Body
>                         Mime P ----
>                 Mime S ----
>                         S/Mime Signature on Mime P
>                 Mime S ----
>         Message ----
> 
> 	Now, why anyone would want to do this, I don't know.  But it obviously
> is possible and Evolution will, obviously, do it.  In theory, this
> should work.  No guarantees about any and all clients being able to read
> and verify it, however.  Evolution certainly handles it.  I've seen
> enough compatibility problems between varying clients just withing pure
> PGP/GPG and within pure S/MIME to have any expectations here.
> 
> 	My S/MIME certificate is signed by the CACert.org, <www.cacert.org>,
> root certificate.  Maybe we'll see who can verify either with what...
> 
> 	Mike
> -- 
> fedora-list mailing list
> fedora-list at redhat.com
> To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471        | possible worlds.  A pessimist is sure of it!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 307 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20060131/fe8963b7/attachment-0001.sig>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 1848 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20060131/fe8963b7/attachment-0001.bin>

More information about the fedora-list mailing list