the attached messages were posted to the mulberry mailing list
short version, in order to do s/mime verification the client must retreive the
entire message to do the verification client-side.
is there any way to do this server-side?
David Lang
--- Begin Message ---
Hi.
I've finally identified the source of a problem that has
gradually been driving me nuts. Part of the finger points at
IMAP, but Mulberry's behavior makes it much worse. I thought
I'd at least warn others about the problem.
Suppose a message is received with, say, an introductory body
part containing a few kilobytes of comments or information,
followed by many megabytes of "attachment" body parts. The
obvious thing to do is to open (or synchronize, if working
largely offline) the first body part, read it, and then download
the additional body parts as needed. Asynchronous prefetching
(which Mulberry doesn't do) aside, that is a model that ought to
be supported by any competent IMAP client-server pair and
Mulberry does it very nicely.
However, if the message is signed with S/MIME, the signature is
over the entire message, including all body parts. Mulberry
wants to verify signatures when messages are opened. One can
uncheck that preference option, but, if one does, it is
relatively hard to verify selectively -- no provision for adding
a "verify signature" button, no "verify sig" entry in the
per-message pull-down from the TOC page, etc. There is a
per-message Verify/Decrypt entry on the main "Message"
pull-down, but it seems to often be grayed out even when signed
messages are selected.
So, suppose one keeps the "Verify signed messages on opening"
preference checked. Now, if one has a signed message and tries
to open that first body part, Mulberry feels obligated to
download the entire, multi-megabyte message in order to verify
the signature. No provisions for a "this is going to take a
while, do you mean it" warning or anything else (such as the
traditional "the message you are about to open is large..."
warning/question) -- just innocently click on a message which is
obviously "small first body part, huge attachment(s)" (and less
obviously signed, little pencil icon notwithstanding) and then
go sit on one's hands for a while.
Mulberry then manages to add insult to injury: when one actually
selects the attachment to open or download it, it generates the
"message you are about to open is large" warning and then, upon
getting a "yes", proceeds to download it again. I understand
enough of Mulberry's internal model to know why that happens
but, as the number of people who are automatically signing
messages by default continues to rise, the overall picture is
going to become a fairly nasty combination of misfeatures.
At least a "this message is rather large, do you really want to
take the time to download all of the body parts so the signature
can be verified?" dialog box would seem to be in order.
Obviously this will never be noticed by anyone with fast LAN
connections to their IMAP servers. But for those of us who are
either not as well off technologically or who travel extensively
to environments with poor connectivity...
john
--- End Message ---
--- Begin Message ---
--On Tuesday, October 13, 2009 6:03 PM -0400 John C Klensin
<klensin+mulbe...@jck.com> wrote:
> However, if the message is signed with S/MIME, the signature is
> over the entire message, including all body parts.
Ouch. That's a nasty drawback. I wonder if there are IMAP extensions to do
the verification server-side?
--- End Message ---
----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
