Re: PGP sigs fail verification

Top Page
Attachments:
Message as email
+ (text/plain)
Delete this message
Author: Erik Christiansen
Date:  
To: mutt-users
Subject: Re: PGP sigs fail verification
On 20.09.16 20:01, Ian Zimmerman wrote:
> I did the manual gpg test on multiple mails, this time properly
> massaging them into the RFC 3156 format. In most cases, mutt and gpg
> actually agree: both say BAD, or both say GOOD. There is one exception,
> though: Miro's original message in which this thread is rooted. That
> one verifies OK through manual gpg, but mutt says BAD.
>
> So, there's a flea, but there's also a bug :(
>
> Can the house experts comment on this - Patrick, Erik, Cameron? Does
> sig verification just work for you?


ISTM that your research, Ian, is quickly making you house expert on this
topic. Sadly, it is probably the biggest hole in my knowledge of mutt,
as I've never thought of a good enough reason to go down the signing path.

But, if only one post evokes the flea, then it boils down to identifying
the difference. (I'm having trouble seeing how body content is likely to
do it only very rarely, unless it's due to variations in details of the
MIME transport.)

...
> I conjecture that the BAD result in the case of Jean-Christophe's
> message, #4 above, results from him inserting a non-standard X- header
> in the signed MIME part. I don't have an explanation for the other BAD
> results.


I've lost track; do those "BAD BAD" posts verify "GOOD" anywhere?
(I.e. are we sure it's down to an issue in mutt in those cases too?)

Erik