Re: Bad PGP signatures due to MIME encoding (?)

Re: Bad PGP signatures due to MIME encoding (?)

[Marshall T. Vandegrift]

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: multipart/mixed; boundary="==-=-=", Size: 8489 bytes --]

=2D----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=2D --=3D=3D-=3D-Content-Transfer-Encoding: quoted-printable

Simon Josefsson <jas@extundo.com> writes:

> It is difficult to tell, can you illustrate the problem with complete
> examples?  With PGP/MIME, I don't think the OpenPGP armor should be
> QP'd at all, so something may be wrong.

Hmm.  I should have diffed them to start with...  The signatures are
different too, after the first few bytes.  Oddness?  But the sent one
still doesn't verify.

Here are the full messages:


=2D --=3D=3D-=3D-Content-Disposition: attachment; filename=3Dlocal.txt
Content-Transfer-Encoding: quoted-printable
Content-Description: locally archived message

X-From-Line: nobody Wed Apr 16 22:31:17 2003
To: ding@hpc.uh.edu
Subject: Re: [PGG] Any way to download keys automatically?
From: Marshall T. Vandegrift <vandem2@rpi.edu>
Date: Wed, 16 Apr 2003 22:31:05 -0400
In-Reply-To: <877k9tevry.fsf@pooh.honeypot.net> (Kirk Strauser's message of
 "Wed, 16 Apr 2003 20:51:29 -0500")
Message-ID: <87smsh7t3q.fsf@rpi.edu>
User-Agent: Gnus/5.090018 (Oort Gnus v0.18) Emacs/21.3 (gnu/linux)
X-Draft-From: ("nnml:mail.list.gnus.ding" 169)
References: <87adepew4g.fsf@egil.codesourcery.com>
	<877k9tevry.fsf@pooh.honeypot.net>
Face:  iVBORw0KGgoAAAANSUhEUgAAADAAAAAwBAMAAAClLOS0AAAAGFBMVEUAAACrq6tpaWnU=
1NSO
 jo7///9ISEgoKCit8pKhAAACWElEQVR4nHWTQW/bMAyFiWGIz4rV7bqwgnJ2ZPcuR0jOmZF7
 KwTUNcgG6+/vMWmLtsiYi8FPj3okFTr+J+jD98YN90Ev+eEumJZyuguOYelXd8Fx6nl1Fxwn
 M27vgsPQ8cNXME0hhOEY4heAZJiCeWvlHXTboLHcfgGTaQdV7E7DZ9DHqyDs5JOrqbNmUkXn
 5VVyA51N7VUAIB/sBusS6sNWLyKP72AwCQDpEDZS5GV4BVOXmBmXTwpETu0NHDyzc445oZMf
 UkpO4QZKnasIaDJwK5J5OyjAeqrAFAqNzhcpeVyFq2IUmTliet0u4xMKp2BKLHKulwhTOCLz
 DIBjdGCAsmjyNrRjlloBGNdTryCbc15htKptYMRtj7RhTMF1+5MJoffjTyIPh3GgUQAeu+UL
 bHXMnha4CLVIBbntUsRwTSw7musMSSKfs3BsnU4Xs9lRUZAZAKbqhQE6E5f7qgBnUcoLycVG
 Y0wXzR6GRbzPNHIGyO4KbLuv6EQHpqUKiWMFpg27c3MlmVh8oepytFfyhBZRrAjhCqEqczYW
 v7DhoqQKYQO+1Cx/jU3JmD760uj9GACizOKQj234nZbropMkzctzTti7i+0wmuRlrgWuSini
 q2TPzoTDCRUZS0EL86zZM814BIf1ylo7YsFCpczYM1FzSe3xqTHGxqSbpDWm+UxECxuG6fzd
 JAsXrK5qOZMGXuaeVmgGZNT51VuevoUlNS4lG6NKMH56DXws8OoQKoGr8xuhJmfG+04qQR+3
 5Ez0Hf+Om0RBWqui1l9Ef/pRTo5HF1HsH5ecMp4LrZOPAAAAAElFTkSuQmCC
MIME-Version: 1.0
Content-Type: multipart/signed; boundary=3D"=3D-=3D-=3D";
	micalg=3Dpgp-sha1; protocol=3D"application/pgp-signature"
Lines: 41
Xref: tiktok mail.sent:481
X-Gnus-Article-Number: 481   Wed Apr 16 22:31:17 2003

=2D --=3D-=3D-=3D
Content-Transfer-Encoding: quoted-printable

Kirk Strauser <kirk@strauser.com> writes:

> Edit your ~/.gnupg/options.  Add:
>
>    keyserver-options auto-key-retrieve

It's `~/.gnupg/gpg.conf' these days (as of version 1.1.92), but yes.
However, PGG does also include support to retrieve keys itself:

,----[ C-h v pgg-query-keyserver ]
| pgg-query-keyserver's value is nil
|=3D20
| Documentation:
| Whether PGG queries keyservers for missing keys when verifying messages.
`----

Does this exist for OpenPGP implementations which do not support
automated key-retrieval, or is there some good reason to have PGG do
it instead of the OpenPGP tool?

=3D2D-=3D20
Marshall T. Vandegrift <vandem2@rpi.edu>

They were all, one might say, nonexistent, but each
non-existed in an entirely different way.
        -- Stanislaw Lem, /The Cyberiad/

=2D --=3D-=3D-=3D
Content-Type: application/pgp-signature

=2D -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQA+nhH0aQb6rnTjFokRAkE9AJwN5zSlLuSADoAP/uQ2OQZ9VwEG2gCffyiW
P8Dbe9Bphtj93dcAxisCAJc=3D
=3DIhU3
=2D -----END PGP SIGNATURE-----
=2D --=3D-=3D-=3D--

=2D --=3D=3D-=3D-Content-Disposition: attachment; filename=3Dsent.txt
Content-Transfer-Encoding: quoted-printable
Content-Description: mailing-list received message

Path: main.gmane.org!not-for-mail
From: "Marshall T. Vandegrift" <vandem2@rpi.edu>
Newsgroups: gmane.emacs.gnus.general
Subject: Re: [PGG] Any way to download keys automatically?
Date: Wed, 16 Apr 2003 22:31:05 -0400
Lines: 43
Sender: ding-owner@lists.math.uh.edu
Approved: news@gmane.org
Message-ID: <87smsh7t3q.fsf@rpi.edu>
References: <87adepew4g.fsf@egil.codesourcery.com>
	<877k9tevry.fsf@pooh.honeypot.net>
NNTP-Posting-Host: main.gmane.org
Mime-Version: 1.0
Content-Type: multipart/signed; boundary=3D"=3D-=3D-=3D";
	micalg=3Dpgp-sha1; protocol=3D"application/pgp-signature"
X-Trace: main.gmane.org 1050546677 6287 80.91.224.249 (17 Apr 2003 02:31:17=
 GMT)
X-Complaints-To: usenet@main.gmane.org
NNTP-Posting-Date: Thu, 17 Apr 2003 02:31:17 +0000 (UTC)
Original-X-From: ding-owner+M97@lists.math.uh.edu Thu Apr 17 04:31:14 2003
Return-path: <ding-owner+M97@lists.math.uh.edu>
Original-Received: from malifon.math.uh.edu ([129.7.128.13])
	by main.gmane.org with esmtp (Exim 3.35 #1 (Debian))
	id 195zBB-0001d7-00
	for <ding-account@gmane.org>; Thu, 17 Apr 2003 04:31:13 +0200
Original-Received: from localhost ([127.0.0.1] helo=3Dlists.math.uh.edu)
	by malifon.math.uh.edu with smtp (Exim 3.20 #1)
	id 195zBl-0004A1-00; Wed, 16 Apr 2003 21:31:49 -0500
Original-Received: from sina.hpc.uh.edu ([129.7.128.10] ident=3Droot)
	by malifon.math.uh.edu with esmtp (Exim 3.20 #1)
	id 195zBd-00049v-00
	for ding@lists.math.uh.edu; Wed, 16 Apr 2003 21:31:41 -0500
Original-Received: from tiktok (alb-24-194-32-10.nycap.rr.com [24.194.32.10=
])
	by sina.hpc.uh.edu (8.9.3/8.9.3) with ESMTP id VAA28921
	for <ding@hpc.uh.edu>; Wed, 16 Apr 2003 21:32:49 -0500 (CDT)
Original-Received: from llasram by tiktok with local (Exim 4.12)
	id 195zBE-00011U-00
	for ding@hpc.uh.edu; Wed, 16 Apr 2003 22:31:16 -0400
Original-To: ding@hpc.uh.edu
In-Reply-To: <877k9tevry.fsf@pooh.honeypot.net> (Kirk Strauser's message of
 "Wed, 16 Apr 2003 20:51:29 -0500")
User-Agent: Gnus/5.090018 (Oort Gnus v0.18) Emacs/21.3 (gnu/linux)
Face: iVBORw0KGgoAAAANSUhEUgAAADAAAAAwBAMAAAClLOS0AAAAGFBMVEUAAACrq6tpaWnU1=
NSO
 jo7///9ISEgoKCit8pKhAAACWElEQVR4nHWTQW/bMAyFiWGIz4rV7bqwgnJ2ZPcuR0jOmZF7
 KwTUNcgG6+/vMWmLtsiYi8FPj3okFTr+J+jD98YN90Ev+eEumJZyuguOYelXd8Fx6nl1Fxwn
 M27vgsPQ8cNXME0hhOEY4heAZJiCeWvlHXTboLHcfgGTaQdV7E7DZ9DHqyDs5JOrqbNmUkXn
 5VVyA51N7VUAIB/sBusS6sNWLyKP72AwCQDpEDZS5GV4BVOXmBmXTwpETu0NHDyzc445oZMf
 UkpO4QZKnasIaDJwK5J5OyjAeqrAFAqNzhcpeVyFq2IUmTliet0u4xMKp2BKLHKulwhTOCLz
 DIBjdGCAsmjyNrRjlloBGNdTryCbc15htKptYMRtj7RhTMF1+5MJoffjTyIPh3GgUQAeu+UL
 bHXMnha4CLVIBbntUsRwTSw7musMSSKfs3BsnU4Xs9lRUZAZAKbqhQE6E5f7qgBnUcoLycVG
 Y0wXzR6GRbzPNHIGyO4KbLuv6EQHpqUKiWMFpg27c3MlmVh8oepytFfyhBZRrAjhCqEqczYW
 v7DhoqQKYQO+1Cx/jU3JmD760uj9GACizOKQj234nZbropMkzctzTti7i+0wmuRlrgWuSini
 q2TPzoTDCRUZS0EL86zZM814BIf1ylo7YsFCpczYM1FzSe3xqTHGxqSbpDWm+UxECxuG6fzd
 JAsXrK5qOZMGXuaeVmgGZNT51VuevoUlNS4lG6NKMH56DXws8OoQKoGr8xuhJmfG+04qQR+3
 5Ez0Hf+Om0RBWqui1l9Ef/pRTo5HF1HsH5ecMp4LrZOPAAAAAElFTkSuQmCC
Precedence: bulk
Xref: main.gmane.org gmane.emacs.gnus.general:51553
X-Report-Spam: http://spam.gmane.org/gmane.emacs.gnus.general:51553

=2D --=3D-=3D-=3D
Content-Transfer-Encoding: quoted-printable

Kirk Strauser <kirk@strauser.com> writes:

> Edit your ~/.gnupg/options.  Add:
>
>    keyserver-options auto-key-retrieve

It's `~/.gnupg/gpg.conf' these days (as of version 1.1.92), but yes.
However, PGG does also include support to retrieve keys itself:

,----[ C-h v pgg-query-keyserver ]
| pgg-query-keyserver's value is nil
|=3D20
| Documentation:
| Whether PGG queries keyservers for missing keys when verifying messages.
`----

Does this exist for OpenPGP implementations which do not support
automated key-retrieval, or is there some good reason to have PGG do
it instead of the OpenPGP tool?

=2D --=3D20
Marshall T. Vandegrift <vandem2@rpi.edu>

They were all, one might say, nonexistent, but each
non-existed in an entirely different way.
        -- Stanislaw Lem, /The Cyberiad/

=2D --=3D-=3D-=3D
Content-Type: application/pgp-signature

=2D -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQA+nhH0aQb6rnTjFokRAkE9AJ9ghVQPJjlccOWpDOwlbamXP+ZtBQCfUBYP
z37pvXlrurm82wL5Rvulxeg=3D
=3DI/AB
=2D -----END PGP SIGNATURE-----
=2D --=3D-=3D-=3D--



=2D --=3D=3D-=3D-Content-Transfer-Encoding: quoted-printable


=2D --=20
Marshall T. Vandegrift <vandem2@rpi.edu>

Disciplined and calm, to await the appearance of
disorder and hubbub amongst the enemy:--this is the
art of retaining self-possession.
        -- Sun Tzu, /The Art of War/

=2D --=3D=3D-=3D-=3D--
=2D----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+npyQaQb6rnTjFokRAnENAKCDc7OSkq9bG5re8R+oIOeE/SCIXQCfdRfQ
4UfLRMEgGoQMIamqhAR+8Cs=3D
=3D+GP8
=2D----END PGP SIGNATURE-----

Re: Bad PGP signatures due to MIME encoding (?)

[Marshall T. Vandegrift]

[-- Attachment #1: Type: text/plain, Size: 207 bytes --]

<much ugliness cut>

Heh.  That was pretty.  PGP and MIME don't mix?  One must use PGP/MIME
to sign multipart message?  Let's try again, and in the interest of
safety I'll just leave this message unsigned:


[-- Attachment #2: locally archived message --]
[-- Type: text/plain, Size: 2817 bytes --]

X-From-Line: nobody Wed Apr 16 22:31:17 2003
To: ding@hpc.uh.edu
Subject: Re: [PGG] Any way to download keys automatically?
From: Marshall T. Vandegrift <vandem2@rpi.edu>
Date: Wed, 16 Apr 2003 22:31:05 -0400
In-Reply-To: <877k9tevry.fsf@pooh.honeypot.net> (Kirk Strauser's message of
 "Wed, 16 Apr 2003 20:51:29 -0500")
Message-ID: <87smsh7t3q.fsf@rpi.edu>
User-Agent: Gnus/5.090018 (Oort Gnus v0.18) Emacs/21.3 (gnu/linux)
X-Draft-From: ("nnml:mail.list.gnus.ding" 169)
References: <87adepew4g.fsf@egil.codesourcery.com>
	<877k9tevry.fsf@pooh.honeypot.net>
Face:  iVBORw0KGgoAAAANSUhEUgAAADAAAAAwBAMAAAClLOS0AAAAGFBMVEUAAACrq6tpaWnU1NSO
 jo7///9ISEgoKCit8pKhAAACWElEQVR4nHWTQW/bMAyFiWGIz4rV7bqwgnJ2ZPcuR0jOmZF7
 KwTUNcgG6+/vMWmLtsiYi8FPj3okFTr+J+jD98YN90Ev+eEumJZyuguOYelXd8Fx6nl1Fxwn
 M27vgsPQ8cNXME0hhOEY4heAZJiCeWvlHXTboLHcfgGTaQdV7E7DZ9DHqyDs5JOrqbNmUkXn
 5VVyA51N7VUAIB/sBusS6sNWLyKP72AwCQDpEDZS5GV4BVOXmBmXTwpETu0NHDyzc445oZMf
 UkpO4QZKnasIaDJwK5J5OyjAeqrAFAqNzhcpeVyFq2IUmTliet0u4xMKp2BKLHKulwhTOCLz
 DIBjdGCAsmjyNrRjlloBGNdTryCbc15htKptYMRtj7RhTMF1+5MJoffjTyIPh3GgUQAeu+UL
 bHXMnha4CLVIBbntUsRwTSw7musMSSKfs3BsnU4Xs9lRUZAZAKbqhQE6E5f7qgBnUcoLycVG
 Y0wXzR6GRbzPNHIGyO4KbLuv6EQHpqUKiWMFpg27c3MlmVh8oepytFfyhBZRrAjhCqEqczYW
 v7DhoqQKYQO+1Cx/jU3JmD760uj9GACizOKQj234nZbropMkzctzTti7i+0wmuRlrgWuSini
 q2TPzoTDCRUZS0EL86zZM814BIf1ylo7YsFCpczYM1FzSe3xqTHGxqSbpDWm+UxECxuG6fzd
 JAsXrK5qOZMGXuaeVmgGZNT51VuevoUlNS4lG6NKMH56DXws8OoQKoGr8xuhJmfG+04qQR+3
 5Ez0Hf+Om0RBWqui1l9Ef/pRTo5HF1HsH5ecMp4LrZOPAAAAAElFTkSuQmCC
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
	micalg=pgp-sha1; protocol="application/pgp-signature"
Lines: 41
Xref: tiktok mail.sent:481
X-Gnus-Article-Number: 481   Wed Apr 16 22:31:17 2003

--=-=-=
Content-Transfer-Encoding: quoted-printable

Kirk Strauser <kirk@strauser.com> writes:

> Edit your ~/.gnupg/options.  Add:
>
>    keyserver-options auto-key-retrieve

It's `~/.gnupg/gpg.conf' these days (as of version 1.1.92), but yes.
However, PGG does also include support to retrieve keys itself:

,----[ C-h v pgg-query-keyserver ]
| pgg-query-keyserver's value is nil
|=20
| Documentation:
| Whether PGG queries keyservers for missing keys when verifying messages.
`----

Does this exist for OpenPGP implementations which do not support
automated key-retrieval, or is there some good reason to have PGG do
it instead of the OpenPGP tool?

=2D-=20
Marshall T. Vandegrift <vandem2@rpi.edu>

They were all, one might say, nonexistent, but each
non-existed in an entirely different way.
        -- Stanislaw Lem, /The Cyberiad/

--=-=-=
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQA+nhH0aQb6rnTjFokRAkE9AJwN5zSlLuSADoAP/uQ2OQZ9VwEG2gCffyiW
P8Dbe9Bphtj93dcAxisCAJc=
=IhU3
-----END PGP SIGNATURE-----
--=-=-=--

[-- Attachment #3: mailing-list received message --]
[-- Type: text/plain, Size: 4168 bytes --]

Path: main.gmane.org!not-for-mail
From: "Marshall T. Vandegrift" <vandem2@rpi.edu>
Newsgroups: gmane.emacs.gnus.general
Subject: Re: [PGG] Any way to download keys automatically?
Date: Wed, 16 Apr 2003 22:31:05 -0400
Lines: 43
Sender: ding-owner@lists.math.uh.edu
Approved: news@gmane.org
Message-ID: <87smsh7t3q.fsf@rpi.edu>
References: <87adepew4g.fsf@egil.codesourcery.com>
	<877k9tevry.fsf@pooh.honeypot.net>
NNTP-Posting-Host: main.gmane.org
Mime-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
	micalg=pgp-sha1; protocol="application/pgp-signature"
X-Trace: main.gmane.org 1050546677 6287 80.91.224.249 (17 Apr 2003 02:31:17 GMT)
X-Complaints-To: usenet@main.gmane.org
NNTP-Posting-Date: Thu, 17 Apr 2003 02:31:17 +0000 (UTC)
Original-X-From: ding-owner+M97@lists.math.uh.edu Thu Apr 17 04:31:14 2003
Return-path: <ding-owner+M97@lists.math.uh.edu>
Original-Received: from malifon.math.uh.edu ([129.7.128.13])
	by main.gmane.org with esmtp (Exim 3.35 #1 (Debian))
	id 195zBB-0001d7-00
	for <ding-account@gmane.org>; Thu, 17 Apr 2003 04:31:13 +0200
Original-Received: from localhost ([127.0.0.1] helo=lists.math.uh.edu)
	by malifon.math.uh.edu with smtp (Exim 3.20 #1)
	id 195zBl-0004A1-00; Wed, 16 Apr 2003 21:31:49 -0500
Original-Received: from sina.hpc.uh.edu ([129.7.128.10] ident=root)
	by malifon.math.uh.edu with esmtp (Exim 3.20 #1)
	id 195zBd-00049v-00
	for ding@lists.math.uh.edu; Wed, 16 Apr 2003 21:31:41 -0500
Original-Received: from tiktok (alb-24-194-32-10.nycap.rr.com [24.194.32.10])
	by sina.hpc.uh.edu (8.9.3/8.9.3) with ESMTP id VAA28921
	for <ding@hpc.uh.edu>; Wed, 16 Apr 2003 21:32:49 -0500 (CDT)
Original-Received: from llasram by tiktok with local (Exim 4.12)
	id 195zBE-00011U-00
	for ding@hpc.uh.edu; Wed, 16 Apr 2003 22:31:16 -0400
Original-To: ding@hpc.uh.edu
In-Reply-To: <877k9tevry.fsf@pooh.honeypot.net> (Kirk Strauser's message of
 "Wed, 16 Apr 2003 20:51:29 -0500")
User-Agent: Gnus/5.090018 (Oort Gnus v0.18) Emacs/21.3 (gnu/linux)
Face: iVBORw0KGgoAAAANSUhEUgAAADAAAAAwBAMAAAClLOS0AAAAGFBMVEUAAACrq6tpaWnU1NSO
 jo7///9ISEgoKCit8pKhAAACWElEQVR4nHWTQW/bMAyFiWGIz4rV7bqwgnJ2ZPcuR0jOmZF7
 KwTUNcgG6+/vMWmLtsiYi8FPj3okFTr+J+jD98YN90Ev+eEumJZyuguOYelXd8Fx6nl1Fxwn
 M27vgsPQ8cNXME0hhOEY4heAZJiCeWvlHXTboLHcfgGTaQdV7E7DZ9DHqyDs5JOrqbNmUkXn
 5VVyA51N7VUAIB/sBusS6sNWLyKP72AwCQDpEDZS5GV4BVOXmBmXTwpETu0NHDyzc445oZMf
 UkpO4QZKnasIaDJwK5J5OyjAeqrAFAqNzhcpeVyFq2IUmTliet0u4xMKp2BKLHKulwhTOCLz
 DIBjdGCAsmjyNrRjlloBGNdTryCbc15htKptYMRtj7RhTMF1+5MJoffjTyIPh3GgUQAeu+UL
 bHXMnha4CLVIBbntUsRwTSw7musMSSKfs3BsnU4Xs9lRUZAZAKbqhQE6E5f7qgBnUcoLycVG
 Y0wXzR6GRbzPNHIGyO4KbLuv6EQHpqUKiWMFpg27c3MlmVh8oepytFfyhBZRrAjhCqEqczYW
 v7DhoqQKYQO+1Cx/jU3JmD760uj9GACizOKQj234nZbropMkzctzTti7i+0wmuRlrgWuSini
 q2TPzoTDCRUZS0EL86zZM814BIf1ylo7YsFCpczYM1FzSe3xqTHGxqSbpDWm+UxECxuG6fzd
 JAsXrK5qOZMGXuaeVmgGZNT51VuevoUlNS4lG6NKMH56DXws8OoQKoGr8xuhJmfG+04qQR+3
 5Ez0Hf+Om0RBWqui1l9Ef/pRTo5HF1HsH5ecMp4LrZOPAAAAAElFTkSuQmCC
Precedence: bulk
Xref: main.gmane.org gmane.emacs.gnus.general:51553
X-Report-Spam: http://spam.gmane.org/gmane.emacs.gnus.general:51553

--=-=-=
Content-Transfer-Encoding: quoted-printable

Kirk Strauser <kirk@strauser.com> writes:

> Edit your ~/.gnupg/options.  Add:
>
>    keyserver-options auto-key-retrieve

It's `~/.gnupg/gpg.conf' these days (as of version 1.1.92), but yes.
However, PGG does also include support to retrieve keys itself:

,----[ C-h v pgg-query-keyserver ]
| pgg-query-keyserver's value is nil
|=20
| Documentation:
| Whether PGG queries keyservers for missing keys when verifying messages.
`----

Does this exist for OpenPGP implementations which do not support
automated key-retrieval, or is there some good reason to have PGG do
it instead of the OpenPGP tool?

--=20
Marshall T. Vandegrift <vandem2@rpi.edu>

They were all, one might say, nonexistent, but each
non-existed in an entirely different way.
        -- Stanislaw Lem, /The Cyberiad/

--=-=-=
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQA+nhH0aQb6rnTjFokRAkE9AJ9ghVQPJjlccOWpDOwlbamXP+ZtBQCfUBYP
z37pvXlrurm82wL5Rvulxeg=
=I/AB
-----END PGP SIGNATURE-----
--=-=-=--



[-- Attachment #4: Type: text/plain, Size: 219 bytes --]


-- 
Marshall T. Vandegrift <vandem2@rpi.edu>

Disciplined and calm, to await the appearance of
disorder and hubbub amongst the enemy:--this is the
art of retaining self-possession.
        -- Sun Tzu, /The Art of War/

Re: Bad PGP signatures due to MIME encoding (?)

[Marshall T. Vandegrift]

[-- Attachment #1: Type: text/plain, Size: 1479 bytes --]

Simon Josefsson <jas@extundo.com> writes:

> Hm, do you have some message-id?  I don't recall this, but then
> perhaps I don't verify the signatures all that often.

From what I can grep locally:

<news://news.gmane.org/plop87ades4rh1.fsf@gnu-rox.org>
<news://news.gmane.org/877k9tevry.fsf@pooh.honeypot.net>
<news://news.gmane.org/86d6jn1zfc.fsf@jochen.rijnh.nl>

Interestingly, some of the posters of these messages also have
messages where their signatures do verify.  In all the ones where the
signatures don't verify, a `--' has been encoded as `--' and `-- ' as
`--=20', while in the ones where it does verify they have been
correctly encoded as `=2D-' and `=2D-=20' respectively:

<news://news.gmane.org/plop87u1d0dg3x.fsf@gnu-rox.org>
<news://news.gmane.org/86fzok4xq7.fsf@jochen.rijnh.nl>

I'd try to find more examples with other people, but doing ESC s
through all the ding on gmane is slow...  (Is there a way to have the
regex be applied to the raw message?)

> Ah, right.  One idea is that the message is signed twice, sometimes
> people complain that Gnus asks them for a key phrase twice, but if you
> use gpg-agent this happens silently.  Signatures for the same message
> will always be different, so this might explain it.

Hmm. Why does it get run twice?

-- 
Marshall T. Vandegrift <vandem2@rpi.edu>

Real are the dreams of Gods, and smoothly pass
Their pleasures in a long immortal dream.
        -- John Keats, /Lamia/

[-- Attachment #2: Type: application/pgp-signature, Size: 188 bytes --]

Re: Bad PGP signatures due to MIME encoding (?)

[Simon Josefsson]

Marshall T. Vandegrift <vandem2@rpi.edu> writes:

> Simon Josefsson <jas@extundo.com> writes:
>
>> No idea, people complain about it from time to time.  I refuse to
>> enable the key phrase cache or gpg-agent so that I'm reminded that the
>> problem is still there, in the hope that I get annoyed enough to
>> actually investigate it some time.  Not yet, though.
>
> Ooh...  Yummy.  So I investigated, sent around a bazillion test
> messages to myself, and learned more features of the elisp debuggers
> along the way.
>
> It looks like the cause is that `message-send' calls
> `message-send-mail' or `message-send-news' (as appropriate), which
> translates any mml in the message into actual MIME parts.  If there's
> a `Gcc' header, then `gnus-inews-do-gcc' eventually gets called, but
> on the original message, so it gets to turn around and do all the
> complicated mml-->MIME processing all over again, including PGP
> signature generation.
>
> I don't know nearly enough about the Gnus internals to even begin
> suggesting how to fix this, but it seems like there should be a Better
> Way...

Thanks for the analysis.  I think one complication in solving this is
when an article is both mailed and posted (to news).  Depending on the
destination, the body might end up being encoded differently, so it is
unclear where to invoke the PGP signing.  The same applies to GCC --
what encodings are appropriate for mail or news might not be
appropriate for a GCC.

I'm also not sure what a good solution would be.  Perhaps simply
explaining the problem is enough, then users can understand what is
going on.  In mail, the user can add a BCC to get a copy of the
message as it really was sent.  There should probably be a feature
that inhibits PGP/SMIME for GCC.  There is
gnus-gcc-externalize-attachments now, that does roughly the same but
for attachments.  Maybe a gnus-gcc-inhibit-security would be useful.