On 05-11-2012 16:29, Hauke Laging wrote:
> I don't understand why PGP/MIME
> does not define a seperate signature for the relevant sender created headers
> (from, to, subject, date). That would protect the headers and allow filters
> to
> check the sender without exposing the data signature.
That would lead to many false warnings about signature errors, since
those headers are often mangled with by mail transport software ("long"
lines broken, (de)html-ized, control characters inserted (%20 instead of
a space), etc. etc.
You would have to implement "fuzzy signature checking", just like using
text mode ignores \n\r and \n differences but than more extensive. I
predict that it will be nearly impossible to get this both so adaptive
that the number of false sig errors reduces to almost zero AND does not
contain lots of holes for spammers to exploit.
--
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
