Dennis E. Hamilton wrote: > Take it easy, everyone > > For those reading at home, note that, from Keith's message headers (which > your > reader might not show you), > > Content-Type: multipart/signed; micalg=pgp-sha256; > protocol="application/pgp-signature"; > boundary="JvV7IIxE9KUf4lmELnVij5s6phPdQh9Bs" > X-Complaints-To: use...@ger.gmane.org > X-Gmane-NNTP-Posting-Host: c-24-60-71-26.hsd1.ma.comcast.net > X-Mozilla-News-Host: news://news.gmane.org:119 > User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 > Firefox/38.0 SeaMonkey/2.35 > > Indicates that the sender is using Firefox to send a PGP signature via > Firefox > to GMane and from there to the Users list at oo.a.o, each list manager doing > whatever it does whatever it does when it encounters such a signature. > > Finally not all email readers recognize these, even with no suspects > in-between the sender and receiver. My reader recognizes that it was signed > but I have not installed any plug-in to handle that protocol ID. > > SO the sender has no idea what intermediary lost the signature binding, and > the receiver has no idea whether the signature was good when the message > started its wanderings through two list systems and reached his mail reader > which, like mine, might only recognize X.509 digital signatures without being > given a way to check others. > > One can check what the users@ oo.a.o software makes of the message at > <http://mail-archives.apache.org/mod_mbox/openoffice-users/201509.mbox/%3Cmtefh2%24b7m%241%40ger.gmane.org%3E>. > Notice it too separates the appended signature as if it is an attachment. > If you look at the "raw" message, you might notice that this is not in a > format that can be checked directly with GnuPG because of differences in > boundary markers and other details, > <http://mail-archives.apache.org/mod_mbox/openoffice-users/201509.mbox/raw/%3cmtefh2$b7m$1...@ger.gmane.org%3e>, > > - Dennis > > PS: Senders, if you want your signed message to pass through the maze of > intermediaries with a chance of being verifiable, write a text file, sign it > (asci-armored) as a text file using an implementation of OpenPGP, such as > GnuPG. And paste the whole ascii-armored text into a blank, unsigned email > message. Intermediaries will usually leave the content intact enough to be > verifiable by a recipient who knows how to check the text with GnuPG. > Or take the easy way and realize reality does not match every expectation > and don't bother to sign messages to public mailing lists. > Dennis; Actually my signature is created by GNUPG via the gpg4win variant. I use SeaMonkey's mail/news client with the enigmail add-on to manage OpenPGP signing and encryption. I have my enigmail options set to use pgpmime which will send the sig as an attachment. I have done it this way on purpose so that people who do not use an OpenPGP compliant mail client,which includes most web-mail implementations, do not have to wade through the begin and end data that would get added otherwise.
I do apologize to the rest of the list for my rather heated reply. However this is not my first go around with the individual so I unfortunately let my personal feelings overrule my better judgement. Regards Keith > PPS: For those following along at home, I have signed this by a > long-standing, > venerable method and we'll see what the list-management software does with > this one > [;<). > > > -----Original Message----- > From: Keith N. McKenna [mailto:keith.mcke...@comcast.net] > Sent: Thursday, September 17, 2015 13:12 > To: users@openoffice.apache.org > Subject: Re: Installation problems with V 4.1.1 on Windows 8 > > On 9/17/2015 3:11 PM, Urmas wrote: >> "Keith N. McKenna": >> ??? >> >> Please stop using the fake digital signature. > Urmas as always you display your blinding ignorance. That signature is a > valid OpenPGP signature. Just because your crippled mail client cannot > understand it is not my problem and does not mean it is fake. > > Keith >
signature.asc
Description: OpenPGP digital signature
