[ale] testing firegpg with mailman

Tim Watts timtw at earthlink.net
Sun Nov 29 03:25:11 EST 2009


On Sun, 2009-11-29 at 00:13 -0500, Michael H. Warfield wrote:
> Granted that others have pointed out the header wrap problem (which
> should NOT be a problem because these things are not supposed to be
> affected by that - still noodling on that one).  The problem back then

Actually, according to RFC-1847 both headers and content are part of the
signed stuff:

   (2)  The body part (headers and content) to be digitally signed is
        prepared for signature according to the value of the protocol
        parameter.  The MIME headers of the signed body part are
        included in the signature to protect the integrity of the MIME
        labeling of the data that is signed.

Now bear in mind this only pertains to headers within the
multipart/signed body part.

> was that many Mime aware applications would generate a line ending
> sequence (protocol convention \r\n) encoded in quoted printable with
> \r=0A where MimeTools would emit it as =0D=0A (equivalent) and that was
> what was causing THAT problem.  Not sure if there is a base-64 encoding
> equiv to that problem but anything in quoted printable can be expressed
> as =hh for the byte and that causes a major indeterminacy.
> 
> The option that was causing the headaches in MailScanner was in
> mailscanner.conf where the default was "Sign Clean Messages = yes".
> That forced MailScanner to unpack all Mime messages and repack them in
> order to add its "clean message" signature.
> 
> Check that setting and make damn sure it's "Sign Clean Messages = no".
> Nobody EVER came back with the definitive way to ensure that messages
> were not corrupted in the "= yes" case and I had Julian and David (from
> MimeTools) busting their asses trying to figure it out.
> 
> Mike
> 
> > On Sat, Nov 28, 2009 at 3:18 PM, Michael H. Warfield
> > <mhw at wittsend.com> wrote:
> >         Jim, 
> >         
> >         On Sat, 2009-11-28 at 14:23 -0500, Jim Kinney wrote:
> >         > OK. So Mailman is (maybe) munging the gpg signature. Fixing
> >         > that will be a challenge if it's caused by signing the wrong
> >         > sections of the message body.
> >
> >         Something is not right here.  I run a mailman site supporting
> >         several dozen lists and multiple domains (IT-ISAC, ISAC
> >         Council, +++) and I don't see this problem.  We use gpg/pgp
> >         all the time on those lists.  Furthermore, my own signatures
> >         through the ALE list seem to be coming through fine.
> >
> >         Couple of years ago, I did run into a problem with MailScanner
> >         which Julian and I took a few days to shoot.  In that case,
> >         MailScanner was unpacking the mime and then repacking it
> >         (quoted printable in that case, I believe).  While the
> >         contents of the attachments remained unaltered, the encoding
> >         encapsulation changed (Mime is ambiguous on several points and
> >         sometimes MailTools or MimeTools will pack something
> >         differently than will Evolution or Thunderbird).  We had to
> >         stipulate something in MailScanner where the message was
> >         passed unmolested if nothing was found untoward in it, rather
> >         than repacking it and sending it on.
> >
> >         There are a couple of MailScanner Mime settings that could
> >         impact this but I seriously doubt it.
> >
> >         Try this for a test.  Send a message back to me and to the
> >         list.  Just a Reply-All should do just fine.  I can do a byte
> >         for byte, attachment for attachment comparison.  Make SURE
> >         <mhw at wittsend.com> is on the cc list, so I get a direct
> >         copy.  You should be able to verify my signatures on this
> >         message the same way.  Compare the results from the ALE relay
> >         to the direct message.
> >         
> >         Regards,
> >         Mike 
> >         
> >         
> >         > What is needed now is to test a gpg signature sent from a
> >         > plain text (NOT from firegpg) email through mailman. It
> >         > needs to be tested through both firegpg and regular text
> >         > email (anyone got a quick link to gpg with mutt?).
> >         >
> >         > I sent myself a test message from firegpg to myself and NOT
> >         > through mailman. firegpg then reported it as a good
> >         > signature. That leads me to think the issue _is_ with
> >         > mailman.
> >         >
> >         > oh joy. criticizing a gnu codebase ....
> >         >
> >         > On Sat, Nov 28, 2009 at 12:41 PM, Jeremy T. Bouse
> >         > <jeremy.bouse at undergrid.net> wrote:
> >         >         jim.kinney at gmail.com wrote:
> >         >
> >         >         > This is a simple test of firegpg running on Fedora 12/Firefox 3.5.5
> >         >         >
> >         >         > Please reply with good or bad signature status.
> >         >         >
> >         >
> >         >         gpg command line and output:
> >         >         /usr/bin/gpg
> >         >         gpg: Signature made Sat 28 Nov 2009 11:04:06 AM EST using RSA key ID 6A87D3C5
> >         >         gpg: BAD signature from "James P. Kinney III (Physicist, Brewer, Dad) <jimkinney at gmail.com>"
> >         >
> >         >
> >         >         _______________________________________________
> >         >         Ale mailing list
> >         >         Ale at ale.org
> >         >         http://mail.ale.org/mailman/listinfo/ale
> >         >         See JOBS, ANNOUNCE and SCHOOLS lists at
> >         >         http://mail.ale.org/mailman/listinfo
> >         >
> >         >
> >         >
> >         >
> >         > --
> >         > --
> >         > James P. Kinney III
> >         > Actively in pursuit of Life, Liberty and Happiness
> >         >
> >         --
> >         
> >         Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
> >           /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
> >           NIC whois: MHW9          | An optimist believes we live in the best of all
> >          PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
> > 
> > 
> > 
> > -- 
> > -- 
> > James P. Kinney III
> > Actively in pursuit of Life, Liberty and Happiness         
> 


________
Respect yourself and others will respect you.
-- Confucius

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 489 bytes
Desc: This is a digitally signed message part
Url : http://mail.ale.org/pipermail/ale/attachments/20091129/65700ed3/attachment.bin 
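
The effect discussed in this thread, as an added example that is not part of the original post: a relay that re-encodes quoted-printable content or refolds a MIME header inside the signed body part leaves the readable message identical but changes the bytes the signature covers. The sample message and both "relay" variants are constructed, and a SHA-256 digest stands in for the hash an OpenPGP signature would be computed over (no gpg call is made).

```python
import hashlib
import quopri
import re

# Constructed sample: the first body part of a multipart/signed message
# (MIME headers, blank line, quoted-printable content), CRLF line endings.
SENT = (b"Content-Type: text/plain; charset=utf-8\r\n"
        b"Content-Transfer-Encoding: quoted-printable\r\n"
        b"\r\n"
        b"Caf=C3=A9 at 7pm, room =3D 12\r\n")

# Hypothetical relay output 1: content repacked, one literal byte ("r")
# now written as =72. Still valid quoted-printable for the same text.
REPACKED = SENT.replace(b"room", b"=72oom")

# Hypothetical relay output 2: Content-Type header folded onto two lines.
REFOLDED = SENT.replace(b"text/plain; charset", b"text/plain;\r\n charset")


def logical_view(part: bytes):
    """What a MIME reader sees: unfolded headers and decoded content."""
    head, _, body = part.partition(b"\r\n\r\n")
    unfolded = re.sub(rb"\r\n[ \t]+", b" ", head)
    return unfolded, quopri.decodestring(body)


def signed_digest(part: bytes) -> str:
    """Digest over the exact bytes of the part, headers included.

    Stand-in for the hash an OpenPGP signature is computed over.
    """
    return hashlib.sha256(part).hexdigest()


def survives_relay(sent: bytes, received: bytes) -> bool:
    """A detached signature verifies only if the signed bytes are unchanged."""
    return signed_digest(sent) == signed_digest(received)


if __name__ == "__main__":
    for name, part in [("untouched", SENT), ("repacked QP", REPACKED),
                       ("refolded header", REFOLDED)]:
        same_meaning = logical_view(part) == logical_view(SENT)
        print(f"{name:16} same content: {same_meaning}  "
              f"signature ok: {survives_relay(SENT, part)}")
```

Comparing `signed_digest` of the signed part as sent with the copy that came back through the list is the byte-for-byte check proposed earlier in the thread.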

