On Tue, 2006-01-31 at 23:47 +1030, Tim wrote: > On Mon, 2006-01-30 at 23:36 -0600, Arthur Pemberton wrote: > > 1) Can I do both SMIME and PGP in my emails? > > I wouldn't think so. A signature is added to a message as confirmation > that the message hasn't been tampered with, therefore its based on the > message contents. > Conjecture, because adding a signature adds to the contents: If you > were to add one then the other, the first signature would try to > proclaim the message to be okay. The second signature added would try > to proclaim the message with the first signature, in combination, to be > okay. But adding the second signature changed the message, so anyone > trying only to use the first signature (because that's all that their > client supported) would see the message had been changed (by the second > signature). In theory, it should be possible with S/MIME and PGP/MIME (OpenPGP). In each case, the signature is a separate Mime attachment which signs the encoded Mime part (I'm in a big discussion over on MailScanner over busted signatures because they are rewriting and re-encoding the Mime messages when "Sign Clean Messages" is enabled). In practice, I don't know of anyone who is doing it or any software which has that capability. I may try it myself and see what Evolution does with it. I don't have an S/Mime cert installed yet but Evolution allows you to select both "PGP Sign" and "S/MIME" sign together. I don't know what it does with it when you do that. Verification should be amusing as well. Mike -- Michael H. Warfield (AI4NB) | (770) 985-6132 | mhw@xxxxxxxxxxxx /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
Attachment:
signature.asc
Description: This is a digitally signed message part
