From: Andreas Seltenreich
Newsgroups: gmane.emacs.gnus.general
Subject: Re: Broken display of clearsigned PGP message
Date: Fri, 13 Oct 2006 16:31:22 +0200
Message-ID: <87zmc0thhh.fsf@gate450.dyndns.org>
References: <87u02sr1yx.fsf@gate450.dyndns.org>
In-Reply-To: <87u02sr1yx.fsf@gate450.dyndns.org> (Andreas Seltenreich's message of "Thu\, 28 Sep 2006 07\:31\:50 +0200")
Cc: Oliver Heins
User-Agent: Gnus/5.110006 (No Gnus v0.6) Emacs/22.0.50 (gnu/linux)

I wrote:

[...]
> message being displayed incorrectly ().
[...]
> I'm not sure if this message is legal according to RFC 2440. In 6.2
> it states that Armor Headers are followed by a blank line, which is
> defined as "zero-length, or containing only whitespace", however in
> 7. it uses the term "empty line" when describing Armor Headers in
> cleartext signatures.
>
> IMHO we should follow "be liberal in what you accept" here, especially
> since GnuPG considers the message legal. Should I apply the attached
> patch to v5-10 and HEAD? Can anyone imagine regressions?

I just realized that with the current behavior, an attacker could
completely replace the text within Gnus' signed-message markup with
his own message without interfering with the verification process. So
I guess it is hard to make the situation worse... Will commit the
patch.

regards,
andreas
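
The separator ambiguity discussed in the message above, as an added example that is not part of the original post and not Gnus or GnuPG code: it extracts the cleartext of a clearsigned message under both readings of RFC 2440 (the whitespace-tolerant "blank line" of 6.2 and the zero-length "empty line" of 7) and reports when they disagree. The function names and the sample message are constructed for illustration, and no signature is verified.

```python
import re

BEGIN = "-----BEGIN PGP SIGNED MESSAGE-----"
SIG = "-----BEGIN PGP SIGNATURE-----"
HEADER = re.compile(r"^[A-Za-z][A-Za-z0-9-]*: .*$")  # e.g. "Hash: SHA1"


def signed_text(message, liberal=True):
    """Return the cleartext that follows the Armor Headers.

    liberal=True ends the headers at a blank line in the section 6.2 sense
    (zero-length or whitespace only); liberal=False requires the
    zero-length "empty line" of section 7 and rejects anything else.
    """
    lines = message.splitlines()
    start = lines.index(BEGIN) + 1
    frame = lines[start:lines.index(SIG, start)]
    for i, line in enumerate(frame):
        if line == "" or (liberal and not line.strip(" \t")):
            body = frame[i + 1:]
            # Undo dash-escaping: signed lines starting with "-" carry "- ".
            return "\n".join(l[2:] if l.startswith("- ") else l for l in body)
        if not HEADER.match(line):
            raise ValueError("line %d is neither Armor Header nor separator" % i)
    raise ValueError("no separator line after the Armor Headers")


def separator_findings(message):
    """Compare both readings; a disagreement means display code and the
    verifier may not be looking at the same text."""
    liberal = signed_text(message, liberal=True)
    try:
        strict = signed_text(message, liberal=False)
    except ValueError as exc:
        return {"agree": False, "strict_error": str(exc), "liberal": liberal}
    return {"agree": strict == liberal, "strict_error": None, "liberal": liberal}


def sample(separator):
    """Constructed message; the signature block is a placeholder."""
    return "\n".join([BEGIN, "Hash: SHA1", separator, "first line", "",
                      "- -- dashed line", SIG, "(constructed placeholder)",
                      "-----END PGP SIGNATURE-----"])


if __name__ == "__main__":
    for sep in ("", " "):
        print(repr(sep), separator_findings(sample(sep)))
```

A display layer that marks up "signed" text should take its boundaries from the same separator rule the verifier applies, so a message on which the two readings disagree deserves a closer look before its markup is trusted.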