On Thu, 2001-11-29 at 19:50, Thomas O'Dowd wrote:
> On Thu, Nov 29, 2001 at 03:33:32PM -0500, Jeffrey Stedfast wrote:
> > 
> > In-line pgp mode is a broken way to do it - so many things can go
> > "wrong". Should I first QP/Base64 encode the text before signing? or
> > should I do it afterward? Do I From-escape before? afterward? ever? Do I
> > CRLF encode before signing?
> 
> Sure, it's broken but everyone does it. I've had to do it for ages now
> because my Windows-loving friends have too much trouble reading the
> standard. Anyway, I don't quite see the problems that you see with
> implementing it at least not with pgp. I've never used gpg so I don't
> know about it. Here are some answers to your questions.
> 
> to just encrypt
> 
>  mailtext | pgp +verbose=0 +encrypttoself +batchmode -feat RECEIVERS
> 
> or to sign and encrypt
> 
>  mailtext | pgp +verbose=0 +encrypttoself +batchmode -feast RECEIVERS
> 
> If you do this then, it will sign, encrypt, handle the line feeds and
> encode everything in the correct order. About From escaping, why would
> you ever do it in a client? It is only a storage requirement for mbox
> mail spools. If you are talking about archival in the sent folder, then
> you never have to worry about that with PGP encrypted text as you won't
> find the combo "^From " in the encoded text.

I wasn't talking about encrypting...obviously with encrypting I don't
have to worry about the problems I mentioned, but I *do* have to worry
about them when I am just signing the text.

The reason the client should do From-escaping when signing is to make it
so that the client on the other end doesn't have to From-escape. Why
would you wanna do that? Because if the other end has to From-escape
(because it uses mbox or something), then it won't be able to verify the
signature.

The PGP/MIME specification suggests that clients do this, but seeing as
how there isn't a spec for doing it in-line - who's to say what you
should and shouldn't do?

The problem is that you guys don't fully understand the problem; to you
it sounds as simple as "just pipe it to pgp or gpg and voilà" but it's
not that simple. Well, not if you expect the other end to be able to
verify your signatures at least. Sure, I could just pipe to pgp/gpg, but
if the other end can't verify the signature, what good is it?

Jeff

-- 
Jeffrey Stedfast
Evolution Hacker - Ximian, Inc.
[EMAIL PROTECTED]  - www.ximian.com


_______________________________________________
evolution maillist  -  [EMAIL PROTECTED]
http://lists.ximian.com/mailman/listinfo/evolution
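
An added illustration of the From-escaping point made in the reply above; it is not code from the thread or from Evolution. It assumes the receiving store uses mboxo-style escaping (only lines starting exactly with "From " get a ">" prefix) and uses a SHA-256 digest over CRLF-normalized text as a stand-in for the hash a signature covers. All function names and the sample body are constructed for the example.

```python
import hashlib
import re

FROM_LINE = re.compile(r"^From ", flags=re.M)


def digest(text: str) -> str:
    """Stand-in for the hash a signature covers (assumption: SHA-256
    over the text with line endings normalized to CRLF)."""
    canon = "\r\n".join(text.split("\n"))
    return hashlib.sha256(canon.encode("utf-8")).hexdigest()


def mbox_escape(text: str) -> str:
    """mboxo-style storage escaping (assumption): body lines that start
    with 'From ' are rewritten to '>From '. Other lines are untouched."""
    return FROM_LINE.sub(">From ", text)


def survives_mbox(signed_text: str) -> bool:
    """True if the text the signature was computed over is byte-identical
    after the receiving side stores it in an mbox."""
    return digest(mbox_escape(signed_text)) == digest(signed_text)


def sign_input(body: str, sender_escapes: bool) -> str:
    """Text handed to the signer. With sender_escapes=True the client
    From-escapes first, so the mbox store has nothing left to change."""
    return mbox_escape(body) if sender_escapes else body


# Constructed sample body with a line that begins with "From ".
BODY = "Hi Thomas,\nFrom what I can tell the patch is fine.\nJeff\n"

if __name__ == "__main__":
    for escapes in (False, True):
        text = sign_input(BODY, sender_escapes=escapes)
        print(f"sender_escapes={escapes}: "
              f"verifies after mbox storage = {survives_mbox(text)}")
```
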
