Nerijus Baliunas
Tue, 31 Dec 2002 10:56:50 -0800
Hello, My mail client was not able to correctly verify xcmail generated pgp signed messages. I got an answer:
The problem is that this message has
a 'signature' part that is a signed message by itself, instead of being
the detached signature of the first MIME part of the message: as RFC
2015 and 3156 state,
(5) The signature MUST be generated detached from the signed data
so that the process does not alter the signed data in any way.
So this message is not conformant. Maybe you should warn the originator
of the message...
Regards,
Nerijus