Re: OT: Email signing

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, 2006-01-31 at 23:47 +1030, Tim wrote:
> On Mon, 2006-01-30 at 23:36 -0600, Arthur Pemberton wrote:
> > 1) Can I do both SMIME and PGP in my emails?

> I wouldn't think so.  A signature is added to a message as confirmation
> that the message hasn't been tampered with, therefore its based on the
> message contents.

> Conjecture, because adding a signature adds to the contents:  If you
> were to add one then the other, the first signature would try to
> proclaim the message to be okay.  The second signature added would try
> to proclaim the message with the first signature, in combination, to be
> okay.  But adding the second signature changed the message, so anyone
> trying only to use the first signature (because that's all that their
> client supported) would see the message had been changed (by the second
> signature).

	This message should be signed by both S/MIME and PGP, so, yes, it's
"possible".  In this case, the signatures do nest in a nested multipart
MIME hierarchy.  The message body is encoded quoted-printable in one
MIME part.  The encoded part is then signed and the signature is in
another MIME part.  That assemblage is nested in another MIME part which
is then S/MIME signed and that forms another MIME part.

        Message ----
                Mime S ----
                        Mime P ----
                                Body
                        Mime P ----
                                GPG signature on Body
                        Mime P ----
                Mime S ----
                        S/Mime Signature on Mime P
                Mime S ----
        Message ----

	Now, why anyone would want to do this, I don't know.  But it obviously
is possible and Evolution will, obviously, do it.  In theory, this
should work.  No guarantees about any and all clients being able to read
and verify it, however.  Evolution certainly handles it.  I've seen
enough compatibility problems between varying clients just withing pure
PGP/GPG and within pure S/MIME to have any expectations here.

	My S/MIME certificate is signed by the CACert.org, <www.cacert.org>,
root certificate.  Maybe we'll see who can verify either with what...

	Mike
-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw@xxxxxxxxxxxx
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471        | possible worlds.  A pessimist is sure of it!

Attachment: signature.asc
Description: This is a digitally signed message part


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux