-----BEGIN PGP SIGNED MESSAGE-----
On Sun, Feb 25, 2007 at 09:12:07AM -0500, Shawn McMahon wrote:
> On Sat, Feb 24, 2007 at 06:29:00PM -0500, Daniel Franke said:
> > only part that gets verified. Alternatively, if you use PGP/MIME, then
> > the signed part is an attachment and only that gets verified.
> The signed part is what gets modified, invalidating the signature.
> Inline signatures violate RFC 1855.
RFC1855 only states
> Do not include control characters or non-ASCII attachments in
> messages unless they are MIME attachments or unless your mailer
> encodes these. If you send encoded messages make sure the
> recipient can decode them,
which is questionably applicable to inline PGP signatures since
they're base64-encoded and therefore consist only of printable ASCII
characters. Anyhow, RFC means Request For Comments and one comment on
it suggests that inline PGP be specifically excepted.
The reason I use inline PGP is that I'm sick of getting replies from
people saying, "hey, I can't open that weird attachment that you sent
me". If you all are correct about mailing lists breaking PGP/MIME,
then I now have a second good reason.
Daniel Franke [log in to unmask] http://www.dfranke.us
|----| =|\ \\\\
|| * | -|-\--------- Man is free at the instant he wants to be.
- -----| =| \ /// --Voltaire
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
-----END PGP SIGNATURE-----