On Thu, 2006-01-26 at 15:00 -0500, Michael H. Warfield wrote:
> Ok all,
>
> I'm cross posting this to both Evolution and MailScanner because I can
> already predict the finger pointing that's naturally going to result.
>
> A few months ago, someone brought it to my attention that my GPG
> signatures (messages signed only, not encrypted) where suddenly turning
> up "bad". The signature on this message will probably be "bad". It
> took some major head scratching to figure out what changed, what the
> parameters where, and what the hell was happening but I think I've got
> in narrowed down to some poor behavior on the part of BOTH Evolution AND
> MailScanner (or a component of MailScanner - not sure).
>
> It seems to have initially broken with an upgrade to MailScanner. I
> think upgrading to 4.47.4-2 or there abouts might have been the
> triggering event, but I don't remember what I was running on that server
> prior to that. Before then, all my signatures GPG signatures were good.
> After, they were bad. If I turn off MailScanner on my server, the
> signatures are good. I have accounts on several servers and the
> signatures are bad if I forward mail through one running a recent
> version of MailScanner. I just upgraded one of my servers to 4.50.5-12
> and now I've got bad signatures through that server as well (I wasn't
> running MailScanner on that one before).
>
> But, that doesn't get Evolution off the hook. It's only happening for
> messages that I'm composing in Evolution! If I compose them in Mutt or
> vi a text file and send it, everything is fine. Also, my saved copies
> in the Evolution sent box is fine.
>
> Sooo... I compare what was saved in the "sent" box with what was
> received with a bad signature... What was the difference? Carriage
> Returns! Evolution is terminating lines with CR-LF when composing a
> message. MailScanner is removing the CR and leaving the LF.
> Apparently, Evolution called gpg in binary mode to create the signature.
> Modifying even the line termination then breaks the signature.
>
> No other mailer I use generates the DOS/Windows line termination, they
> all end lines with *NIX convention of LF only (no I haven't tried
> ThunderBird or KMail or other GUI client as yet).
>
> 1) Why must we be adding extraneous CR on text messages? Is this
> REALLY necessary?
Yes. From rfc3156:
When the OpenPGP digital signature is generated:
(1) The data to be signed MUST first be converted to its content-
type specific canonical form. For text/plain, this means
conversion to an appropriate character set and conversion of
line endings to the canonical <CR><LF> sequence.
This is what Evolution does.
--
Jeffrey Stedfast
Evolution Hacker - Novell, Inc.
[EMAIL PROTECTED] - www.novell.com
_______________________________________________
Evolution-list mailing list
Evolution-list@gnome.org
http://mail.gnome.org/mailman/listinfo/evolution-list
