On 05-11-2012 16:29, Hauke Laging wrote: > I don't understand why PGP/MIME > does not define a seperate signature for the relevant sender created headers > (from, to, subject, date). That would protect the headers and allow filters > to > check the sender without exposing the data signature.
That would lead to many false warnings about signature errors, since those headers are often mangled with by mail transport software ("long" lines broken, (de)html-ized, control characters inserted (%20 instead of a space), etc. etc. You would have to implement "fuzzy signature checking", just like using text mode ignores \n\r and \n differences but than more extensive. I predict that it will be nearly impossible to get this both so adaptive that the number of false sig errors reduces to almost zero AND does not contain lots of holes for spammers to exploit. -- ir. J.C.A. Wevers PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users