Corrupt pgp-signed messages

Spicer, Kevin Kevin.Spicer at BMRB.CO.UK
Sat Mar 15 16:53:29 GMT 2003


> I would like to see the difference in the MIME structure between what
> MailMan does and what MailScanner does. I just add the signature on to the
> end of the first in-line text+html segments of the message, which will be
> what you see. So the signature should be put in place after the signature,
> and therefore hopefully outside the signed portion of the message.
> 

I don't use mailman but I've been able to produce the same/a similar behaviour with differences between Outlook on Windows (with the gdata gpg plugin) and Evolution on Linux.

Outlook / Gdata plugin...
Mime type : text/plain
Single part message, PGP Message and Signature are all within the body of the message and MailScanner signs the message after the PGP signature.
On receipt the PGP signature validates okay.

Evolution...
Multi part MIME message (content type: multipart/signed)
First section (text/plain) contains the message itself (without the PGP signature) with the MailScanner signature appended.
Second section (application/pgp-signature) contains the PGP signature.
In this case the mailscanner signature breaks the PGP signature.

Julian - if you'd like a closer look I'll happily send you my test messages off-list.

As an aside - I prefer the way evolution handles it from a security point of view, but unfortunately this doesn't work at all with gdata's plugin!



BMRB International 
http://www.bmrb.co.uk
+44 (0)20 8566 5000
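
The two message layouts described in the post above, as an added example that is not part of the original message or of MailScanner's code: it builds both structures with Python's `email` package, appends a footer to the first text/plain part, and compares a SHA-256 digest of the region a signature would cover. The footer text, the placeholder signature block and all function names are assumptions, and the digest stands in for real OpenPGP verification.

```python
import copy
import hashlib
from email.message import Message
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

# Constructed sample values: the footer text and signature block are placeholders.
FOOTER = "\n-- \nThis message has been scanned (constructed footer)\n"
SIG_MARK = "-----BEGIN PGP SIGNATURE-----"
FAKE_SIG = SIG_MARK + "\n\nPLACEHOLDER\n-----END PGP SIGNATURE-----\n"

def inline_message(body):
    """Single text/plain part: signed text and signature share the body."""
    text = "-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n" + body + FAKE_SIG
    return MIMEText(text, "plain", "us-ascii")

def pgp_mime_message(body):
    """multipart/signed: part 1 is the signed text, part 2 the detached signature."""
    msg = MIMEMultipart("signed", protocol="application/pgp-signature")
    msg.attach(MIMEText(body, "plain", "us-ascii"))
    sig = Message()
    sig["Content-Type"] = "application/pgp-signature"
    sig.set_payload(FAKE_SIG)
    msg.attach(sig)
    return msg

def signed_region(msg):
    """Bytes the signature covers (stand-in for the data a verifier hashes)."""
    if msg.get_content_type() == "multipart/signed":
        return msg.get_payload(0).as_bytes()      # whole first part, headers included
    text = msg.get_payload(decode=True).decode("ascii")
    start = text.index("\n\n") + 2                # skip the "Hash:" armor header
    return text[start:text.index(SIG_MARK)].encode()

def append_footer(msg, footer=FOOTER):
    """Gateway behaviour from the thread: append to the first text/plain part."""
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            part.set_payload(part.get_payload(decode=True).decode("ascii") + footer)
            break
    return msg

def footer_breaks_signature(msg):
    before = hashlib.sha256(signed_region(msg)).hexdigest()
    after = hashlib.sha256(signed_region(append_footer(copy.deepcopy(msg)))).hexdigest()
    return before != after

if __name__ == "__main__":
    print("inline:", footer_breaks_signature(inline_message("hello\n")))
    print("multipart/signed:", footer_breaks_signature(pgp_mime_message("hello\n")))
```

A gateway that tests `get_content_type() == "multipart/signed"` before modifying a message can leave the signed part untouched.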