Hi,
On Fri, 28 Oct 2011, Jerry wrote:
On Fri, 28 Oct 2011 14:07:53 +0100 (BST) Phil Brooke articulated:
Nothing relating to encrypted data, but I've seen an MS Exchange
system rewrite signed emails (both PGP/MIME and S/MIME) with the
obvious effect of causing failed verifications.
Could you please supply proof of that statement. An example of the
message before and after it was processed by the server would be
advantageous.
I attach two messages: correct.email (fcc of an email) and broken.email
(the version which went through our local Exchange server). (Not sure if
attachments will get through. I'll try anyway.) I've removed nearly
every header and snipped out some of the same content.
The interesting bit is the diff of the body:
2,4c2,4
< Content-Type: multipart/signed; protocol="application/pgp-signature";
micalg="pgp-sha1"; boundary="=_MIME_CONTENT_BREAK_=_NZHRDBSCQSDTWZLUTFCCREKIFAYRUOM_="
<
< This is an OpenPGP/MIME signed message (RFC2440, RFC3156).
---
> Content-Type: multipart/signed; protocol="application/pgp-signature";
> micalg=pgp-sha1;
> boundary="=_MIME_CONTENT_BREAK_=_NZHRDBSCQSDTWZLUTFCCREKIFAYRUOM_="
7c7,8
< Content-Type: multipart/mixed;
boundary="1771607802-1616753266-1320061802=:11794"
---
> Content-Type: multipart/mixed;
> boundary="1771607802-1616753266-1320061802=:11794"
10c11
< Content-Type: TEXT/PLAIN; format=flowed; charset=UTF-8
---
> Content-Type: text/plain; format=flowed; charset="UTF-8"
17c18
< Content-Type: TEXT/plain; charset=UTF-8; name=test1.txt
---
> Content-Type: text/plain; charset="UTF-8"; name="test1.txt"
20,21c21,22
< Content-Description: A plain text file.
< Content-Disposition: attachment; filename=test1.txt
---
> Content-Description: test1.txt
> Content-Disposition: attachment; filename="test1.txt"
26c27
< Content-Type: APPLICATION/pdf; name="test1 as a PDF.pdf"
---
> Content-Type: application/pdf; name="test1 as a PDF.pdf"
29c30
< Content-Description: The file as PDF.
---
> Content-Description: test1 as a PDF.pdf
All the changes, except the first (to the first Content-Type and
prologue) are within the signed part of the message. So we've got
- added quoting,
- change of case in the Content-Type,
- modification of Content-Description, and
- changed folding.
I'm not sure which Exchange server version(s) we're running here. In
case these received headers are useful:
Received: from zzzzzz.zzzz.zz.zz (zzz.zzz.zzz.zz) by
zzzzzz.zzzzzzz.zzzz.zz.zz
(zzz.zzz.zz.zz) with Microsoft SMTP Server (TLS) id 8.2.255.0; Mon, 31 Oct
2011 11:50:40 +0000
Received: from zzzzzz.zzz.zzzz.zz.zz (zzz.zzz.zz.zz) by zzzzzz.zzzz.zz.zz
(zzz.zzz.zzz.zz) with Microsoft SMTP Server (TLS) id 14.1.339.1; Mon, 31 Oct
2011 11:51:04 +0000
Cheers,
Phil.
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pgp-signature";
micalg=pgp-sha1;
boundary="=_MIME_CONTENT_BREAK_=_NZHRDBSCQSDTWZLUTFCCREKIFAYRUOM_="
--=_MIME_CONTENT_BREAK_=_NZHRDBSCQSDTWZLUTFCCREKIFAYRUOM_=
Content-Type: multipart/mixed;
boundary="1771607802-1616753266-1320061802=:11794"
--1771607802-1616753266-1320061802=:11794
Content-Type: text/plain; format=flowed; charset="UTF-8"
Content-Transfer-Encoding: QUOTED-PRINTABLE
We write an email=E2=80=A6
It has two attachments.
--1771607802-1616753266-1320061802=:11794
Content-Type: text/plain; charset="UTF-8"; name="test1.txt"
Content-Transfer-Encoding: BASE64
Content-ID: <[email protected]>
Content-Description: test1.txt
Content-Disposition: attachment; filename="test1.txt"
QSB0ZXN0IGZpbGUuDQo=
--1771607802-1616753266-1320061802=:11794
Content-Type: application/pdf; name="test1 as a PDF.pdf"
Content-Transfer-Encoding: BASE64
Content-ID: <[email protected]>
Content-Description: test1 as a PDF.pdf
Content-Disposition: attachment; filename="test1 as a PDF.pdf"
JVBERi0xLjQKJcfsj6IKNSAwIG9iago8PC9MZW5ndGggNiAwIFIvRmlsdGVy
[snip]
RkNGPjxEOEVDNDEzRUFDNTY5QTZCNjgxQTIzQkNCQzA1MEZDRj5dCj4+CnN0
YXJ0eHJlZgo0NjcxCiUlRU9GCg==
--1771607802-1616753266-1320061802=:11794--
--=_MIME_CONTENT_BREAK_=_NZHRDBSCQSDTWZLUTFCCREKIFAYRUOM_=
Content-Type: application/pgp-signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAk6ui20ACgkQleaexJ2vm1xyhACeIF/xhBoDDD5KjXXzD84s73uF
pAYAnAwzrfPeLOycJScl+hvigL86VhLR
=cFUB
-----END PGP SIGNATURE-----
--=_MIME_CONTENT_BREAK_=_NZHRDBSCQSDTWZLUTFCCREKIFAYRUOM_=--
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pgp-signature";
micalg="pgp-sha1";
boundary="=_MIME_CONTENT_BREAK_=_NZHRDBSCQSDTWZLUTFCCREKIFAYRUOM_="
This is an OpenPGP/MIME signed message (RFC2440, RFC3156).
--=_MIME_CONTENT_BREAK_=_NZHRDBSCQSDTWZLUTFCCREKIFAYRUOM_=
Content-Type: multipart/mixed;
boundary="1771607802-1616753266-1320061802=:11794"
--1771607802-1616753266-1320061802=:11794
Content-Type: TEXT/PLAIN; format=flowed; charset=UTF-8
Content-Transfer-Encoding: QUOTED-PRINTABLE
We write an email=E2=80=A6
It has two attachments.
--1771607802-1616753266-1320061802=:11794
Content-Type: TEXT/plain; charset=UTF-8; name=test1.txt
Content-Transfer-Encoding: BASE64
Content-ID: <[email protected]>
Content-Description: A plain text file.
Content-Disposition: attachment; filename=test1.txt
QSB0ZXN0IGZpbGUuDQo=
--1771607802-1616753266-1320061802=:11794
Content-Type: APPLICATION/pdf; name="test1 as a PDF.pdf"
Content-Transfer-Encoding: BASE64
Content-ID: <[email protected]>
Content-Description: The file as PDF.
Content-Disposition: attachment; filename="test1 as a PDF.pdf"
JVBERi0xLjQKJcfsj6IKNSAwIG9iago8PC9MZW5ndGggNiAwIFIvRmlsdGVy
[snip]
RkNGPjxEOEVDNDEzRUFDNTY5QTZCNjgxQTIzQkNCQzA1MEZDRj5dCj4+CnN0
YXJ0eHJlZgo0NjcxCiUlRU9GCg==
--1771607802-1616753266-1320061802=:11794--
--=_MIME_CONTENT_BREAK_=_NZHRDBSCQSDTWZLUTFCCREKIFAYRUOM_=
Content-Type: application/pgp-signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAk6ui20ACgkQleaexJ2vm1xyhACeIF/xhBoDDD5KjXXzD84s73uF
pAYAnAwzrfPeLOycJScl+hvigL86VhLR
=cFUB
-----END PGP SIGNATURE-----
--=_MIME_CONTENT_BREAK_=_NZHRDBSCQSDTWZLUTFCCREKIFAYRUOM_=--
_______________________________________________
Gnupg-users mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
