> Note that this also happens when no MTA is involved. This is issue 56.
> Would anyone familiar with the new MIME encoder be willing to have a
> look at RFC 3156?
I'm suddenly realising we are in trouble, and that it's better to
leave things in the current state than implement PGP/MIME.
There are two ways to PGP sign a message. One is to use OpenPGP armor
around a plain text message, which is what Darcs does; this is called
``old PGP''. The other one is to use RFC 2015 (or 3156); this is
called PGP/MIME.
Old PGP is incompatible with MIME. In other words, the only case when
one can reliably use Old PGP in e-mail is around a single text/plain
body part that is 7bit encoded and hence runs no risk of being
MIME-munged by MTAs.
PGP/MIME is, as the name implies, suitable for signing e-mail.
However, PGP/MIME-ing an attachment causes it to only be valid as
e-mail -- the signature is lost when the attachment is saved, and
non-mail tools are usually unable to verify the signature on a whole
message saved to disk.
So the tradeoff is:
- illegally use Old PGP within an attachment, as we do, which makes
the signature verifiable outside of the mailer, but not within it;
- obey the rules and use PGP/MIME, which will make it impossible to
verify the signature after the attachment is saved to disk.
Does anyone see a good way out? For now, I'm closing the report as
unfixable.
Juliusz
_______________________________________________
darcs-devel mailing list
[email protected]
http://www.abridgegame.org/cgi-bin/mailman/listinfo/darcs-devel
