Re: PGP sigs fail verification

Top Page
Attachments:
Message as email
+ (text/plain)
Delete this message
Author: Ian Zimmerman
Date:  
To: mutt-users
Subject: Re: PGP sigs fail verification
On 2016-09-19 16:15, Ian Zimmerman wrote:

> For my part I now think this is a flea.


There must be more than one thing going on :(

I did the manual gpg test on multiple mails, this time properly
massaging them into the RFC 3156 format. In most cases, mutt and gpg
actually agree: both say BAD, or both say GOOD. There is one exception,
though: Miro's original message in which this thread is rooted. That
one verifies OK through manual gpg, but mutt says BAD.

So, there's a flea, but there's also a bug :(

Can the house experts comment on this - Patrick, Erik, Cameron? Does
sig verification just work for you?

Here are the mailing list messages I tested:

                                                          mutt    gpg


http://marc.info/?l=gentoo-user&m=147435795624410&q=raw   GOOD    GOOD


http://marc.info/?l=mutt-users&m=147420131617997&q=raw    GOOD    GOOD


http://marc.info/?l=mutt-users&m=147417425713497&q=raw    BAD     GOOD


http://marc.info/?l=mutt-users&m=147418223314681&q=raw    BAD     BAD


http://marc.info/?l=gentoo-user&m=147421675920866&q=raw   BAD     BAD


I conjecture that the BAD result in the case of Jean-Christophe's
message, #4 above, results from him inserting a non-standard X- header
in the signed MIME part. I don't have an explanation for the other BAD
results.

--
Please *no* private Cc: on mailing lists and newsgroups
Why does the arrow on Hillary signs point to the right?